bump policy id versions to v0.6 (#786)

This commit is contained in:
mitchelbaker-cisa
2025-10-08 16:16:58 -07:00
committed by GitHub
parent 8e173605d3
commit 2a405d3f6f
19 changed files with 289 additions and 289 deletions


@@ -1,7 +1,7 @@
PolicyId,Name,Data Source,Event (Is),Setting Name (Is),New Value (Is Not),Rule ID,Last Successful Test
GWS.CALENDAR.1.1v0.5,"External Sharing Options for Primary Calendars SHALL be configured to ""Only free/busy information (hide event details)” to restrict information sharing and prevent data leakage.",Admin Log Event,Change Calendar Setting,SHARING_OUTSIDE_DOMAIN,SHOW_ONLY_FREE_BUSY_INFORMATION,rules/00gjdgxs1clzmpm,JK 07-28-23 @ 12:08
GWS.CALENDAR.1.2v0.5,"External sharing options for secondary calendars SHALL be configured to ""Only free/busy information (hide event details)” to restrict information sharing and prevent data leakage.",Admin Log Event,Change Calendar Setting,SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR,SHOW_ONLY_FREE_BUSY_INFORMATION,rules/00gjdgxs3ob14fv,JK 07-28-23 @ 12:32
GWS.CALENDAR.2.1v0.5,External invitations warnings SHALL be enabled to prompt users before sending invitations.,Admin Log Event,Change Calendar Setting,ENABLE_EXTERNAL_GUEST_PROMPT,true,rules/00gjdgxs26jpj72,JK 07-28-23 @ 12:20
GWS.CALENDAR.3.1v0.5,Calendar Interop SHOULD be disabled unless agency mission fulfillment requires collaboration between users internal and external to an organization who use both Microsoft Exchange and Google Calendar.,Admin Log Event,Change Calendar Setting,ENABLE_EWS_INTEROP,false,rules/00gjdgxs3yipjmt,JK 07-28-23 @ 14:42
GWS.CALENDAR.3.2v0.5,OAuth 2.0 SHALL be used in lieu of basic authentication to establish connectivity between tenants or organizations in cases where Calendar Interop is deemed necessary for agency mission fulfillment.,N/A,N/A,N/A,N/A,N/A,"Not able to create rule due to bug in rule wizard. Applicable log event exists, but is not selectable within rule wizard."
GWS.CALENDAR.4.1v0.5,Appointment Schedule with Payments SHALL be disabled.,Admin Log Event,Change Application Setting,CalendarAppointmentSlotAdminSettingsProto payments_enabled,false,rules/00gjdgxs3oppjwl,JK 09-08-23 @ 10:47
GWS.CALENDAR.1.1v0.6,"External Sharing Options for Primary Calendars SHALL be configured to ""Only free/busy information (hide event details)” to restrict information sharing and prevent data leakage.",Admin Log Event,Change Calendar Setting,SHARING_OUTSIDE_DOMAIN,SHOW_ONLY_FREE_BUSY_INFORMATION,rules/00gjdgxs1clzmpm,JK 07-28-23 @ 12:08
GWS.CALENDAR.1.2v0.6,"External sharing options for secondary calendars SHALL be configured to ""Only free/busy information (hide event details)” to restrict information sharing and prevent data leakage.",Admin Log Event,Change Calendar Setting,SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR,SHOW_ONLY_FREE_BUSY_INFORMATION,rules/00gjdgxs3ob14fv,JK 07-28-23 @ 12:32
GWS.CALENDAR.2.1v0.6,External invitations warnings SHALL be enabled to prompt users before sending invitations.,Admin Log Event,Change Calendar Setting,ENABLE_EXTERNAL_GUEST_PROMPT,true,rules/00gjdgxs26jpj72,JK 07-28-23 @ 12:20
GWS.CALENDAR.3.1v0.6,Calendar Interop SHOULD be disabled unless agency mission fulfillment requires collaboration between users internal and external to an organization who use both Microsoft Exchange and Google Calendar.,Admin Log Event,Change Calendar Setting,ENABLE_EWS_INTEROP,false,rules/00gjdgxs3yipjmt,JK 07-28-23 @ 14:42
GWS.CALENDAR.3.2v0.6,OAuth 2.0 SHALL be used in lieu of basic authentication to establish connectivity between tenants or organizations in cases where Calendar Interop is deemed necessary for agency mission fulfillment.,N/A,N/A,N/A,N/A,N/A,"Not able to create rule due to bug in rule wizard. Applicable log event exists, but is not selectable within rule wizard."
GWS.CALENDAR.4.1v0.6,Appointment Schedule with Payments SHALL be disabled.,Admin Log Event,Change Application Setting,CalendarAppointmentSlotAdminSettingsProto payments_enabled,false,rules/00gjdgxs3oppjwl,JK 09-08-23 @ 10:47
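Review bot: the quoting in the Name field of GWS.CALENDAR.1.1v0.6 and GWS.CALENDAR.1.2v0.6 is still mixed: the opening quote is the CSV-escaped straight `""` but the closing one is a typographic `”`, so a reader that unescapes `""` is left with a stray curly quote in the text. Since the bump rewrites both lines anyway, normalise the closing quote to `""Only free/busy information (hide event details)""`. The rest of the hunk is a pure `v0.5` to `v0.6` substitution with Rule ID and Last Successful Test left untouched, which is the right scope for this change.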


@@ -1,11 +1,11 @@
PolicyId,Name,Data Source,Event (Is),Setting Name (Is),New Value (Is Not),Rule ID,Last Successful Test
GWS.CHAT.1.1v0.5,Chat history SHOULD be enabled for information traceability.,Admin Log Event,Change Application Setting,DynamiteOTRSettingsProto off_the_record_state,ALWAYS_ON_THE_RECORD,rules/00gjdgxs1svgvm3,JK 08-01-23 @ 06:36
GWS.CHAT.1.2v0.5,Users SHALL NOT be allowed to change their history setting.,Admin Log Event,Change Application Setting,DynamiteOTRSettingsProto off_the_record_state,ALWAYS_ON_THE_RECORD,rules/00gjdgxs18ozqwd,JK 08-01-23 @ 06:51
GWS.CHAT.2.1v0.5,External file sharing SHALL be disabled to protect sensitive information from unauthorized or accidental sharing.,Admin Log Event,Change Application Setting,DynamiteFileSharingSettingsProto external_file_sharing_setting,NO_FILES,rules/00gjdgxs2l93fr0,JK 08-01-23 @ 07:01
GWS.CHAT.3.1v0.5,Space history SHOULD be enabled for traceability of information.,Admin Log Event,Change Application Setting,RoomOtrSettingsProto otr_state,"ALWAYS_ON_THE_RECORD
GWS.CHAT.1.1v0.6,Chat history SHOULD be enabled for information traceability.,Admin Log Event,Change Application Setting,DynamiteOTRSettingsProto off_the_record_state,ALWAYS_ON_THE_RECORD,rules/00gjdgxs1svgvm3,JK 08-01-23 @ 06:36
GWS.CHAT.1.2v0.6,Users SHALL NOT be allowed to change their history setting.,Admin Log Event,Change Application Setting,DynamiteOTRSettingsProto off_the_record_state,ALWAYS_ON_THE_RECORD,rules/00gjdgxs18ozqwd,JK 08-01-23 @ 06:51
GWS.CHAT.2.1v0.6,External file sharing SHALL be disabled to protect sensitive information from unauthorized or accidental sharing.,Admin Log Event,Change Application Setting,DynamiteFileSharingSettingsProto external_file_sharing_setting,NO_FILES,rules/00gjdgxs2l93fr0,JK 08-01-23 @ 07:01
GWS.CHAT.3.1v0.6,Space history SHOULD be enabled for traceability of information.,Admin Log Event,Change Application Setting,RoomOtrSettingsProto otr_state,"ALWAYS_ON_THE_RECORD
OR
DEFAULT_ON_THE_RECORD",rules/00gjdgxs13kc3ei,JK 08-01-23 @ 11:58
GWS.CHAT.4.1v0.5(a),External Chat messaging SHALL be restricted to allowlisted domains only.,Admin Log Event,Change Application Setting,RestrictChatProto restrictChatToOrganization,false,rules/00gjdgxs3vz76ij,JK 08-01-23 @ 13:17
GWS.CHAT.4.1v0.5(b),External Chat messaging SHALL be restricted to allowlisted domains only.,Admin Log Event,Change Application Setting,RestrictChatProto externalChatRestriction,TRUSTED_DOMAINS,rules/00gjdgxs3exvv2u,JK 08-01-23 @ 13:27
GWS.CHAT.5.1v0.5,Chat content reporting SHALL be enabled for all conversation types.,Admin Log Event,Create Application Setting,ContentReportingProto group_chat_reporting,CONTENT_REPORTING_STATE_ENABLED,N/A, MD @ 10-15-24 @ 16:47
GWS.CHAT.5.2v0.5,All reporting message categories SHOULD be selected.,N/A,N/A,N/A,N/A,N/A,Not Alertable due to no specfic log event
GWS.CHAT.4.1v0.6(a),External Chat messaging SHALL be restricted to allowlisted domains only.,Admin Log Event,Change Application Setting,RestrictChatProto restrictChatToOrganization,false,rules/00gjdgxs3vz76ij,JK 08-01-23 @ 13:17
GWS.CHAT.4.1v0.6(b),External Chat messaging SHALL be restricted to allowlisted domains only.,Admin Log Event,Change Application Setting,RestrictChatProto externalChatRestriction,TRUSTED_DOMAINS,rules/00gjdgxs3exvv2u,JK 08-01-23 @ 13:27
GWS.CHAT.5.1v0.6,Chat content reporting SHALL be enabled for all conversation types.,Admin Log Event,Create Application Setting,ContentReportingProto group_chat_reporting,CONTENT_REPORTING_STATE_ENABLED,N/A, MD @ 10-15-24 @ 16:47
GWS.CHAT.5.2v0.6,All reporting message categories SHOULD be selected.,N/A,N/A,N/A,N/A,N/A,Not Alertable due to no specfic log event
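Review bot: the last field of GWS.CHAT.5.1v0.6 is malformed relative to every other row: ` MD @ 10-15-24 @ 16:47` has a leading space and a doubled `@`, where the other rows use the `JK 08-01-23 @ 13:17` form, and the Last Successful Test note on GWS.CHAT.5.2v0.6 still reads `specfic`. Both lines are already rewritten by this change, so fix the timestamp to `MD 10-15-24 @ 16:47` and the typo to `specific` here rather than in a follow-up.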


@@ -1,7 +1,7 @@
PolicyId,Name,Data Source,Event (Is),Setting Name (Is),New Value (Is Not),Rule ID,Last Successful Test
GWS.CLASSROOM.1.1v0.5,Who can join classes in your domain SHALL be set to Users in your domain only,Admin Log Events,Change Application Setting,ClassMembershipSettingProto who_can_join_classes,1,rules/00gjdgxs1c0jzhh,JK 10-20-23 @ 13:18
GWS.CLASSROOM.1.2v0.5,Which classes can users in your domain join SHALL be set to Classes in your domain only,Admin Log Events,Change Application Setting,ClassMembershipSettingProto which_classes_can_users_join,1,rules/00gjdgxs0hj2dit,JK 10-20-23 @ 13:23
GWS.CLASSROOM.2.1v0.5,Classroom API SHALL be disabled for users,Admin Log Events,Change Application Setting,ApiDataAccessSettingProto api_access_enabled,false,rules/00gjdgxs3aafl8p,JK 10-20-23 @ 13:31
GWS.CLASSROOM.3.1v0.5,Roster import with Clever SHOULD be turned off,Admin Log Events,Change Application Setting,RosterImportSettingsProto sis_integrator,SIS_INTEGRATOR_NONE,rules/00gjdgxs25t0l8g,JK 10-20-23 @ 13:42
GWS.CLASSROOM.4.1v0.5,Who can unenroll students from classes SHALL be set to Teachers Only,Admin Log Events,Change Application Setting,StudentUnenrollmentSettingsProto who_can_unenroll_students,ONLY_TEACHERS_CAN_UNENROLL_STUDENTS,rules/00gjdgxs44rgreu,JK 10-20-23 @ 13:50
GWS.CLASSROOM.5.1v0.5,Class creation SHALL be restricted to verified teachers only.,Admin Log Events,Change Application Setting,TeacherPermissionsSettingProto who_can_create_class,rules/00gjdgxs4cfwumr,JK 06-21-24 @ 11:58,
GWS.CLASSROOM.1.1v0.6,Who can join classes in your domain SHALL be set to Users in your domain only,Admin Log Events,Change Application Setting,ClassMembershipSettingProto who_can_join_classes,1,rules/00gjdgxs1c0jzhh,JK 10-20-23 @ 13:18
GWS.CLASSROOM.1.2v0.6,Which classes can users in your domain join SHALL be set to Classes in your domain only,Admin Log Events,Change Application Setting,ClassMembershipSettingProto which_classes_can_users_join,1,rules/00gjdgxs0hj2dit,JK 10-20-23 @ 13:23
GWS.CLASSROOM.2.1v0.6,Classroom API SHALL be disabled for users,Admin Log Events,Change Application Setting,ApiDataAccessSettingProto api_access_enabled,false,rules/00gjdgxs3aafl8p,JK 10-20-23 @ 13:31
GWS.CLASSROOM.3.1v0.6,Roster import with Clever SHOULD be turned off,Admin Log Events,Change Application Setting,RosterImportSettingsProto sis_integrator,SIS_INTEGRATOR_NONE,rules/00gjdgxs25t0l8g,JK 10-20-23 @ 13:42
GWS.CLASSROOM.4.1v0.6,Who can unenroll students from classes SHALL be set to Teachers Only,Admin Log Events,Change Application Setting,StudentUnenrollmentSettingsProto who_can_unenroll_students,ONLY_TEACHERS_CAN_UNENROLL_STUDENTS,rules/00gjdgxs44rgreu,JK 10-20-23 @ 13:50
GWS.CLASSROOM.5.1v0.6,Class creation SHALL be restricted to verified teachers only.,Admin Log Events,Change Application Setting,TeacherPermissionsSettingProto who_can_create_class,rules/00gjdgxs4cfwumr,JK 06-21-24 @ 11:58,
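Review bot: GWS.CLASSROOM.5.1v0.6 is one column short, so its fields are shifted left relative to the header: `rules/00gjdgxs4cfwumr` lands under `New Value (Is Not)`, `JK 06-21-24 @ 11:58` under `Rule ID`, and the trailing empty field becomes `Last Successful Test`. The version bump carries this over unchanged; supply the expected `who_can_create_class` value (or `N/A` if there is none) so the row aligns with the other rows. Minor: this file uses `Admin Log Events` in the Data Source column while the Calendar and Chat files use `Admin Log Event`.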


@@ -1,48 +1,48 @@
PolicyId,Name,Data Source,Event (Is),Setting Name (Is),New Value (Is Not),Rule ID,Last Successful Test
GWS.COMMONCONTROLS.1.1v0.5,Phishing-Resistant MFA SHALL be required for all users.,Admin Log Event,Enforce 2-Step Verification,No Setting Name,true,rules/00gjdgxs3twm54g,JK 08-02-23 @ 06:51
GWS.COMMONCONTROLS.1.2v0.5,"If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users.",Admin Log Event,Change Allowed 2-Step Verification Methods,No Setting Name,NO_TELEPHONY,rules/00gjdgxs3t3ug07,JK 08-02-23 @ 14:53
GWS.COMMONCONTROLS.1.3v0.5,SMS or Voice as the MFA method SHALL NOT be used.,Admin Log Event,Change Allowed 2-Step Verification Methods,No Setting Name,NO_TELEPHONY,rules/00gjdgxs3t3ug07,JK 08-02-23 @ 14:53
GWS.COMMONCONTROLS.1.4v0.5,New user enrollment period SHALL be set to 1 week.,Admin Log Event,Change 2-Step Verification Enrollment Period Duration,No Setting Name,1 week,rules/00gjdgxs19shvvu,JK 08-02-23 @ 07:04
GWS.COMMONCONTROLS.1.5v0.5,Allow users to trust the device SHALL be disabled.,Admin Log Event,Change 2-Step Verification Frequency,No Setting Name,ENABLE_USERS_TO_TRUST_DEVICE,rules/00gjdgxs15t2155,JK 08-02-23 @ 07:10
GWS.COMMONCONTROLS.2.1v0.5,Policies restricting access to GWS based on signals about enterprise devices SHOULD be implemented.,Admin Log Event,Context Aware Access Enablement,No Setting Name,ENABLED,rules/00gjdgxs1qrcqvm,JK 08-02-23 @ 07:49
GWS.COMMONCONTROLS.2.2v0.5,"Use of context-aware access for more granular controls, including using Advanced Mode (CEL), MAY be maximized and tailored if necessary.",N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.COMMONCONTROLS.3.1v0.5,Post-SSO verification SHOULD be enabled for users signing in using the SSO profile for your organization.,Admin Log Event,Change Application Setting,SsoPolicyProto challenge_selection_behavior,PERFORM_CHALLENGE_SELECTION,rules/00gjdgxs0o76pk2,JK 08-02-23 @ 07:59
GWS.COMMONCONTROLS.3.2v0.5,Post-SSO verification SHOULD be enabled for users signing in using other SSO profiles.,Admin Log Event,Change Application Setting,SsoPolicyProto sso_profile_challenge_selection_behavior,PERFORM_CHALLENGE_SELECTION,rules/00gjdgxs0o76pk2,JK 08-02-23 @ 07:59
GWS.COMMONCONTROLS.4.1v0.5,Users SHALL be forced to re-authenticate after an established 12-hour GWS login session has expired.,Admin Log Event,Change Application Setting,Session management settings - Session length in seconds,43200,rules/00gjdgxs1j87x46,JK 08-02-23 @ 08:11
GWS.COMMONCONTROLS.5.1v0.5,User password strength SHALL be enforced.,Admin Log Event,Change Application Setting,Password Management - Enforce strong password,on,rules/00gjdgxs2rh5fry,JK 08-02-23 @ 08:21
GWS.COMMONCONTROLS.5.2v0.5,User password length SHALL be at least 12 characters.,Admin Log Event,Change Application Setting,Password Management - Minimum password length,12,rules/00gjdgxs0ogcs3x,JK 08-02-23 @ 08:51
GWS.COMMONCONTROLS.5.3v0.5,User password length SHOULD be at least 15 characters.,Admin Log Event,Change Application Setting,Password Management - Minimum password length,15,rules/00gjdgxs0ogcs3x,JK 08-02-23 @ 08:51
GWS.COMMONCONTROLS.5.4v0.5,Password policy SHALL be enforced at next sign-in.,Admin Log Event,Change Application Setting,Password Management - Enforce password policy at next login,true,rules/00gjdgxs0p7tza1,JK 08-02-23 @ 09:00
GWS.COMMONCONTROLS.5.5v0.5,User passwords SHALL NOT be reused.,Admin Log Event,Change Application Setting,Password Management - Enable password reuse,false,rules/00gjdgxs0tbqklj,JK 08-02-23 @ 09:05
GWS.COMMONCONTROLS.5.6v0.5,User passwords SHALL NOT expire.,Admin Log Event,Change Application Setting,Password Management - Password reset frequency,0,rules/00gjdgxs1k1llys,JK 08-02-23 @ 09:09
GWS.COMMONCONTROLS.6.1v0.5,All administrative accounts SHALL leverage Google Account authentication with phishing-resistant MFA and not the agencys authoritative on-premises or federated identity system.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.COMMONCONTROLS.6.2v0.5,A minimum of two and maximum of four separate and distinct Super Admin users SHALL be configured.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.COMMONCONTROLS.7.1v0.5,Account conflict management SHALL be configured to replace conflicting unmanaged accounts with managed ones.,N/A,N/A,N/A,N/A,N/A,Not Alertable due to no log event being produced
GWS.COMMONCONTROLS.8.1v0.5,Account self-recovery for super admins SHALL be disabled.,Admin Log Event,Change Application Setting,AdminAccountRecoverySettingsProto Enable admin account recovery,false,rules/00gjdgxs2rlm6cr,JK 08-02-23 @ 09:16
GWS.COMMONCONTROLS.8.2v0.5,Account self-recovery for users and non-super admins SHALL be disabled.,Admin Log Event,Change Application Setting,AccountRecoverySettingsProto Enable password recovery,false,N/A,MD 02-24-23 @ 10:38
GWS.COMMONCONTROLS.8.3v0.5,Ability to add recovery information SHOULD be disabled.,Admin Log Event,Create Application Setting,User recovery info options Collect user recovery phone state,true,N/A,MD 02-20-25 @ 13:23
GWS.COMMONCONTROLS.8.3v0.5,Ability to add recovery information SHOULD be disabled.,Admin Log Event,Create Application Setting,User recovery info options Collect user recovery email state,true,N/A,MD 02-20-25 @ 13:23
GWS.COMMONCONTROLS.9.1v0.5,Highly privileged accounts SHALL be enrolled in the GWS Advanced Protection Program.,Admin Log Event,Change Application Setting,Advanced Protection Program Settings - Enable user enrollment,true,rules/00gjdgxs2mq8dv5,JK 08-02-23 @ 09:20
GWS.COMMONCONTROLS.9.2v0.5,All sensitive user accounts SHOULD be enrolled into the GWS Advanced Protection Program. This control enforces more secure protection of sensitive user accounts from targeted attacks. Sensitive user accounts include political appointees and other Senior Executive Service (SES) officials whose account compromise would pose a level of risk prohibitive to agency mission fulfillment.,Admin Log Event,Change Application Setting,Advanced Protection Program Settings - Enable user enrollment,true,rules/00gjdgxs2mq8dv6,JK 08-02-23 @ 09:21
GWS.COMMONCONTROLS.10.1v0.5,Agencies SHALL use GWS application access control policies to restrict access to all GWS services by third party apps.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.COMMONCONTROLS.10.2v0.5,Agencies SHALL NOT allow users to consent to access to low-risk scopes.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.COMMONCONTROLS.10.3v0.5,Agencies SHALL NOT trust unconfigured internal apps.,Admin Log Event,"Allow Google Sign-in only third party API access
GWS.COMMONCONTROLS.1.1v0.6,Phishing-Resistant MFA SHALL be required for all users.,Admin Log Event,Enforce 2-Step Verification,No Setting Name,true,rules/00gjdgxs3twm54g,JK 08-02-23 @ 06:51
GWS.COMMONCONTROLS.1.2v0.6,"If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users.",Admin Log Event,Change Allowed 2-Step Verification Methods,No Setting Name,NO_TELEPHONY,rules/00gjdgxs3t3ug07,JK 08-02-23 @ 14:53
GWS.COMMONCONTROLS.1.3v0.6,SMS or Voice as the MFA method SHALL NOT be used.,Admin Log Event,Change Allowed 2-Step Verification Methods,No Setting Name,NO_TELEPHONY,rules/00gjdgxs3t3ug07,JK 08-02-23 @ 14:53
GWS.COMMONCONTROLS.1.4v0.6,New user enrollment period SHALL be set to 1 week.,Admin Log Event,Change 2-Step Verification Enrollment Period Duration,No Setting Name,1 week,rules/00gjdgxs19shvvu,JK 08-02-23 @ 07:04
GWS.COMMONCONTROLS.1.5v0.6,Allow users to trust the device SHALL be disabled.,Admin Log Event,Change 2-Step Verification Frequency,No Setting Name,ENABLE_USERS_TO_TRUST_DEVICE,rules/00gjdgxs15t2155,JK 08-02-23 @ 07:10
GWS.COMMONCONTROLS.2.1v0.6,Policies restricting access to GWS based on signals about enterprise devices SHOULD be implemented.,Admin Log Event,Context Aware Access Enablement,No Setting Name,ENABLED,rules/00gjdgxs1qrcqvm,JK 08-02-23 @ 07:49
GWS.COMMONCONTROLS.2.2v0.6,"Use of context-aware access for more granular controls, including using Advanced Mode (CEL), MAY be maximized and tailored if necessary.",N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.COMMONCONTROLS.3.1v0.6,Post-SSO verification SHOULD be enabled for users signing in using the SSO profile for your organization.,Admin Log Event,Change Application Setting,SsoPolicyProto challenge_selection_behavior,PERFORM_CHALLENGE_SELECTION,rules/00gjdgxs0o76pk2,JK 08-02-23 @ 07:59
GWS.COMMONCONTROLS.3.2v0.6,Post-SSO verification SHOULD be enabled for users signing in using other SSO profiles.,Admin Log Event,Change Application Setting,SsoPolicyProto sso_profile_challenge_selection_behavior,PERFORM_CHALLENGE_SELECTION,rules/00gjdgxs0o76pk2,JK 08-02-23 @ 07:59
GWS.COMMONCONTROLS.4.1v0.6,Users SHALL be forced to re-authenticate after an established 12-hour GWS login session has expired.,Admin Log Event,Change Application Setting,Session management settings - Session length in seconds,43200,rules/00gjdgxs1j87x46,JK 08-02-23 @ 08:11
GWS.COMMONCONTROLS.5.1v0.6,User password strength SHALL be enforced.,Admin Log Event,Change Application Setting,Password Management - Enforce strong password,on,rules/00gjdgxs2rh5fry,JK 08-02-23 @ 08:21
GWS.COMMONCONTROLS.5.2v0.6,User password length SHALL be at least 12 characters.,Admin Log Event,Change Application Setting,Password Management - Minimum password length,12,rules/00gjdgxs0ogcs3x,JK 08-02-23 @ 08:51
GWS.COMMONCONTROLS.5.3v0.6,User password length SHOULD be at least 15 characters.,Admin Log Event,Change Application Setting,Password Management - Minimum password length,15,rules/00gjdgxs0ogcs3x,JK 08-02-23 @ 08:51
GWS.COMMONCONTROLS.5.4v0.6,Password policy SHALL be enforced at next sign-in.,Admin Log Event,Change Application Setting,Password Management - Enforce password policy at next login,true,rules/00gjdgxs0p7tza1,JK 08-02-23 @ 09:00
GWS.COMMONCONTROLS.5.5v0.6,User passwords SHALL NOT be reused.,Admin Log Event,Change Application Setting,Password Management - Enable password reuse,false,rules/00gjdgxs0tbqklj,JK 08-02-23 @ 09:05
GWS.COMMONCONTROLS.5.6v0.6,User passwords SHALL NOT expire.,Admin Log Event,Change Application Setting,Password Management - Password reset frequency,0,rules/00gjdgxs1k1llys,JK 08-02-23 @ 09:09
GWS.COMMONCONTROLS.6.1v0.6,All administrative accounts SHALL leverage Google Account authentication with phishing-resistant MFA and not the agencys authoritative on-premises or federated identity system.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.COMMONCONTROLS.6.2v0.6,A minimum of two and maximum of four separate and distinct Super Admin users SHALL be configured.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.COMMONCONTROLS.7.1v0.6,Account conflict management SHALL be configured to replace conflicting unmanaged accounts with managed ones.,N/A,N/A,N/A,N/A,N/A,Not Alertable due to no log event being produced
GWS.COMMONCONTROLS.8.1v0.6,Account self-recovery for super admins SHALL be disabled.,Admin Log Event,Change Application Setting,AdminAccountRecoverySettingsProto Enable admin account recovery,false,rules/00gjdgxs2rlm6cr,JK 08-02-23 @ 09:16
GWS.COMMONCONTROLS.8.2v0.6,Account self-recovery for users and non-super admins SHALL be disabled.,Admin Log Event,Change Application Setting,AccountRecoverySettingsProto Enable password recovery,false,N/A,MD 02-24-23 @ 10:38
GWS.COMMONCONTROLS.8.3v0.6,Ability to add recovery information SHOULD be disabled.,Admin Log Event,Create Application Setting,User recovery info options Collect user recovery phone state,true,N/A,MD 02-20-25 @ 13:23
GWS.COMMONCONTROLS.8.3v0.6,Ability to add recovery information SHOULD be disabled.,Admin Log Event,Create Application Setting,User recovery info options Collect user recovery email state,true,N/A,MD 02-20-25 @ 13:23
GWS.COMMONCONTROLS.9.1v0.6,Highly privileged accounts SHALL be enrolled in the GWS Advanced Protection Program.,Admin Log Event,Change Application Setting,Advanced Protection Program Settings - Enable user enrollment,true,rules/00gjdgxs2mq8dv5,JK 08-02-23 @ 09:20
GWS.COMMONCONTROLS.9.2v0.6,All sensitive user accounts SHOULD be enrolled into the GWS Advanced Protection Program. This control enforces more secure protection of sensitive user accounts from targeted attacks. Sensitive user accounts include political appointees and other Senior Executive Service (SES) officials whose account compromise would pose a level of risk prohibitive to agency mission fulfillment.,Admin Log Event,Change Application Setting,Advanced Protection Program Settings - Enable user enrollment,true,rules/00gjdgxs2mq8dv6,JK 08-02-23 @ 09:21
GWS.COMMONCONTROLS.10.1v0.6,Agencies SHALL use GWS application access control policies to restrict access to all GWS services by third party apps.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.COMMONCONTROLS.10.2v0.6,Agencies SHALL NOT allow users to consent to access to low-risk scopes.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.COMMONCONTROLS.10.3v0.6,Agencies SHALL NOT trust unconfigured internal apps.,Admin Log Event,"Allow Google Sign-in only third party API access
OR
All third party API access unblocked",No Setting Name,No Value,rules/00gjdgxs0xcbmu1,
GWS.COMMONCONTROLS.10.4v0.5(a),Agencies SHALL NOT allow users to access unconfigured third-party apps.,Admin Log Event,All third party API access unblocked,No Setting Name,No Value,rules/00gjdgxs0zd46an,JK 09-22-23 @ 14:15 (works only from Don't allow)
GWS.COMMONCONTROLS.10.4v0.5(b),Agencies SHALL NOT allow users to access unconfigured third-party apps.,Admin Log Event,Allow Google Sign-in only third party API access,No Setting Name,No Value,rules/00gjdgxs3b25o0w,JK 09-22-23 @ 14:15 (works only from Don't allow)
GWS.COMMONCONTROLS.10.5v0.5,Access to Google Workspace applications by less secure apps that do not meet security standards for authentication SHALL be prevented.,Admin Log Event,Less Secure Apps Access Setting Changed,No Setting Name,DISABLED,rules/00gjdgxs2y7rekk,JK 09-20-23 @ 06:51
GWS.COMMONCONTROLS.11.1v0.5(a),Only approved Google Workspace Marketplace applications SHOULD be allowed for installation.,Admin Log Event,Change Application Setting,Apps Access Setting Allowlist access,ALLOW_SPECIFIED,rules/00gjdgxs0o3dzli,JK 09-12-23 @ 13:33
GWS.COMMONCONTROLS.11.1v0.5(b),Only approved Google Workspace Marketplace applications SHALL be allowed for installation.,Admin Log Event,Change Application Setting,Apps Access Setting allow_all_internal_apps,false,rules/00gjdgxs3f0ca00,JK 11-14-23 @ 07:37
GWS.COMMONCONTROLS.12.1v0.5,Google Takeout services SHALL be disabled for users.,Admin Log Event,Toggle Service Enabled,N/A,false,rules/00gjdgxs3wksszz,JK 09-12-23 @ 13:19
GWS.COMMONCONTROLS.13.1v0.5,"Required system-defined alerting rules, as listed in the Policy section, SHALL be active, with alerts enabled when available. Any system-defined rules not are considered optional but ought to be reviewed for consideration.",Admin Log Event,System Defined Rule Updated,N/A,N/A,rules/00gjdgxs1x4hrff,Needs Manual Verification of Status
GWS.COMMONCONTROLS.14.1v0.5,The following critical logs SHALL be sent at a minimum.,Admin Log Event,Change Application Setting,"Data Sharing Settings between GCP and Google Workspace ""Sharing Options""",ENABLED,rules/00gjdgxs0yu1jgq,JK 09-19-23 @ 06:40
GWS.COMMONCONTROLS.15.1v0.5,The data storage region SHALL be set to be the United States for all users in the agency's GWS environment.,Admin Log Event,Change Application Setting,Location Policy,US,rules/00gjdgxs2k8ieyq,JK 12-05-23 @ 15:57
GWS.COMMONCONTROLS.15.2v0.5,Data SHALL be processed in the region selected for data at rest.,Admin Log Event,Create Application Setting,DataProcessingRequirementsProto limit_to_storage_location,true,N/A,MD 09-20-24 @ 15:57
GWS.COMMONCONTROLS.16.1v0.5,Service status for Google services that do not have an individual control SHOULD be set to OFF for everyone.,Admin Log Event,Toggle Service Enabled,DISABLE_UNLISTED_SERVICES, true, N/A, MD 09-12-2024 @ 11:12
GWS.COMMONCONTROLS.16.2v0.5,Early Access Apps Service Status SHOULD be set to OFF for everyone., Admin Log Event,Toggle Service Enabled,Early Access Apps, false, N/A, MD 09-12-2024 @ 11:16
GWS.COMMONCONTROLS.17.1v0.5,Require multi party approval for sensitive admin actions SHOULD be enabled., Admin Log Event, Change Application Setting, Multi Party Approval (MPA) Control Multi Party Approval Control, enabled, N/A, MD 09-12-2024 @ 11:20
GWS.COMMONCONTROLS.18.1v0.5,"A custom policy SHALL be configured for Google Drive to protect PII and sensitive information, as defined by the agency. At a minimum, credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) SHALL be blocked.",N/A,N/A,N/A,N/A,N/A,Not Alertable due to no specfic log event
GWS.COMMONCONTROLS.18.2v0.5,"A custom policy SHALL be configured for Google Chat to protect PII and sensitive information, as defined by the agency. At a minimum, credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) SHALL be blocked.",N/A,N/A,N/A,N/A,N/A,Not Alertable due to no specfic log event
GWS.COMMONCONTROLS.18.3v0.5,"A custom policy SHALL be configured for Gmail to protect PII and sensitive information, as defined by the agency. At a minimum, credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) SHALL be blocked.",N/A,N/A,N/A,N/A,N/A,Not Alertable due to no specfic log event
GWS.COMMONCONTROLS.18.4v0.5,The action for the custom DLP policy SHOULD be set to block external sharing.,N/A,N/A,N/A,N/A,N/A,Not Alertable due to no specfic log event
GWS.COMMONCONTROLS.10.4v0.6(a),Agencies SHALL NOT allow users to access unconfigured third-party apps.,Admin Log Event,All third party API access unblocked,No Setting Name,No Value,rules/00gjdgxs0zd46an,JK 09-22-23 @ 14:15 (works only from Don't allow)
GWS.COMMONCONTROLS.10.4v0.6(b),Agencies SHALL NOT allow users to access unconfigured third-party apps.,Admin Log Event,Allow Google Sign-in only third party API access,No Setting Name,No Value,rules/00gjdgxs3b25o0w,JK 09-22-23 @ 14:15 (works only from Don't allow)
GWS.COMMONCONTROLS.10.5v0.6,Access to Google Workspace applications by less secure apps that do not meet security standards for authentication SHALL be prevented.,Admin Log Event,Less Secure Apps Access Setting Changed,No Setting Name,DISABLED,rules/00gjdgxs2y7rekk,JK 09-20-23 @ 06:51
GWS.COMMONCONTROLS.11.1v0.6(a),Only approved Google Workspace Marketplace applications SHOULD be allowed for installation.,Admin Log Event,Change Application Setting,Apps Access Setting Allowlist access,ALLOW_SPECIFIED,rules/00gjdgxs0o3dzli,JK 09-12-23 @ 13:33
GWS.COMMONCONTROLS.11.1v0.6(b),Only approved Google Workspace Marketplace applications SHALL be allowed for installation.,Admin Log Event,Change Application Setting,Apps Access Setting allow_all_internal_apps,false,rules/00gjdgxs3f0ca00,JK 11-14-23 @ 07:37
GWS.COMMONCONTROLS.12.1v0.6,Google Takeout services SHALL be disabled for users.,Admin Log Event,Toggle Service Enabled,N/A,false,rules/00gjdgxs3wksszz,JK 09-12-23 @ 13:19
GWS.COMMONCONTROLS.13.1v0.6,"Required system-defined alerting rules, as listed in the Policy section, SHALL be active, with alerts enabled when available. Any system-defined rules not are considered optional but ought to be reviewed for consideration.",Admin Log Event,System Defined Rule Updated,N/A,N/A,rules/00gjdgxs1x4hrff,Needs Manual Verification of Status
GWS.COMMONCONTROLS.14.1v0.6,The following critical logs SHALL be sent at a minimum.,Admin Log Event,Change Application Setting,"Data Sharing Settings between GCP and Google Workspace ""Sharing Options""",ENABLED,rules/00gjdgxs0yu1jgq,JK 09-19-23 @ 06:40
GWS.COMMONCONTROLS.15.1v0.6,The data storage region SHALL be set to be the United States for all users in the agency's GWS environment.,Admin Log Event,Change Application Setting,Location Policy,US,rules/00gjdgxs2k8ieyq,JK 12-05-23 @ 15:57
GWS.COMMONCONTROLS.15.2v0.6,Data SHALL be processed in the region selected for data at rest.,Admin Log Event,Create Application Setting,DataProcessingRequirementsProto limit_to_storage_location,true,N/A,MD 09-20-24 @ 15:57
GWS.COMMONCONTROLS.16.1v0.6,Service status for Google services that do not have an individual control SHOULD be set to OFF for everyone.,Admin Log Event,Toggle Service Enabled,DISABLE_UNLISTED_SERVICES, true, N/A, MD 09-12-2024 @ 11:12
GWS.COMMONCONTROLS.16.2v0.6,Early Access Apps Service Status SHOULD be set to OFF for everyone., Admin Log Event,Toggle Service Enabled,Early Access Apps, false, N/A, MD 09-12-2024 @ 11:16
GWS.COMMONCONTROLS.17.1v0.6,Require multi party approval for sensitive admin actions SHOULD be enabled., Admin Log Event, Change Application Setting, Multi Party Approval (MPA) Control Multi Party Approval Control, enabled, N/A, MD 09-12-2024 @ 11:20
GWS.COMMONCONTROLS.18.1v0.6,"A custom policy SHALL be configured for Google Drive to protect PII and sensitive information, as defined by the agency. At a minimum, credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) SHALL be blocked.",N/A,N/A,N/A,N/A,N/A,Not Alertable due to no specfic log event
GWS.COMMONCONTROLS.18.2v0.6,"A custom policy SHALL be configured for Google Chat to protect PII and sensitive information, as defined by the agency. At a minimum, credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) SHALL be blocked.",N/A,N/A,N/A,N/A,N/A,Not Alertable due to no specfic log event
GWS.COMMONCONTROLS.18.3v0.6,"A custom policy SHALL be configured for Gmail to protect PII and sensitive information, as defined by the agency. At a minimum, credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) SHALL be blocked.",N/A,N/A,N/A,N/A,N/A,Not Alertable due to no specfic log event
GWS.COMMONCONTROLS.18.4v0.6,The action for the custom DLP policy SHOULD be set to block external sharing.,N/A,N/A,N/A,N/A,N/A,Not Alertable due to no specfic log event
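Review bot: the v0.6 rows for GWS.COMMONCONTROLS.16.1, 16.2 and 17.1 carry over leading spaces inside fields (`, true, N/A, MD 09-12-2024`, `, Admin Log Event`), so a strict CSV reader yields ` true` rather than `true` and ` N/A` rather than `N/A`; since these rows are being rewritten anyway, trim the whitespace to match the rest of the file. The same copied rows also preserve two typos worth fixing in passing: `Any system-defined rules not are considered optional` in the 13.1 Name cell and `specfic` in the Last Successful Test cell of all four 18.x rows.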
@@ -1,17 +1,17 @@
PolicyId,Name,Data Source,Event (Is),Setting Name (Is),New Value (Is Not),Rule ID,Last Successful Test
GWS.DRIVEDOCS.1.1v0.5,Agencies SHOULD disable sharing outside of the organizations domain.,Admin Log Event,Change Drive Setting,SHARING_OUTSIDE_DOMAIN,SHARING_NOT_ALLOWED,rules/00gjdgxs10es4se,JK 08-02-23 @ 12:25
GWS.DRIVEDOCS.1.2v0.5,"If disabling sharing outside of the organization's domain, then agencies SHALL also disable users' receiving files from outside of the organization's domain.",Admin Log Event,Change Drive Setting,SHARING_OUTSIDE_DOMAIN,SHARING_NOT_ALLOWED,rules/00gjdgxs10es4se,JK 08-02-23 @ 12:26
GWS.DRIVEDOCS.1.3v0.5,"If sharing outside of the organization, then agencies SHALL enable warnings for users when they are about to share something outside of their domain.",Admin Log Event,Change Drive Setting,SHARING_OUTSIDE_DOMAIN,SHARING_ALLOWED_WITH_WARNING,rules/00gjdgxs0qwshr5,
GWS.DRIVEDOCS.1.4v0.5,"If sharing outside of the organization, then agencies SHALL disable sharing of files with individuals who are not using a Google account.",N/A,N/A,N/A,N/A,N/A,Not Alertable due to no log evemt
GWS.DRIVEDOCS.1.5v0.5,Agencies SHALL disable making files and published web content visible to anyone with the link.,Admin Log Event,Change Drive Setting,PUBLISHING_TO_WEB,NOT_ALLOWED,rules/00gjdgxs2l9hukl,JK 08-02-23 @ 12:16
GWS.DRIVEDOCS.1.6v0.5,Agencies SHOULD set access checking to recipients only.,Admin Log Event,Change Drive Setting,SHARING_ACCESS_CHECKER_OPTIONS,DOMAIN_OR_NAMED_PARTIES,rules/00gjdgxs2qv9x6y,JK 08-02-23 @ 12:59
GWS.DRIVEDOCS.1.7v0.5,Agencies SHALL NOT allow any users to distribute content from an organization-owned shared drive to shared drives owned by another organizations.,Admin Log Event,Change Drive Setting,SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS,CROSS_DOMAIN_FROM_INTERNAL_ONLY,rules/00gjdgxs2bll5l2,JK 09-26-23 @ 09:24
GWS.DRIVEDOCS.1.8v0.5,Agencies SHALL ensure that newly created items assume the default access level of Private to the Owner.,Admin Log Event,Change Drive Setting,DEFAULT_LINK_SHARING_FOR_NEW_DOCS,PRIVATE,rules/00gjdgxs1jfq3ds,JK 08-02-23 @ 13:28
GWS.DRIVEDOCS.2.1v0.5,Agencies SHOULD NOT allow members with manager access to override shared drive creation settings.,Admin Log Event,Change Application Setting,Shared Drive Creation new_team_drive_admin_only,true,rules/00gjdgxs418trv6,JK 08-02-23 @ 13:44
GWS.DRIVEDOCS.2.2v0.5,Agencies SHOULD NOT allow users outside of their organization to access files in shared drives.,Admin Log Event,Change Application Setting,Shared Drive Creation new_team_drive_restricts_cross_domain_access,true,rules/00gjdgxs1o31qud,JK 08-02-23 @ 14:12
GWS.DRIVEDOCS.2.3v0.5,Agencies SHALL allow users who are not shared drive members to be added to files.,Admin Log Event,Change Application Setting,Shared Drive Creation new_team_drive_restricts_direct_access,true,rules/00gjdgxs3mcxcll,JK 08-02-23 @ 14:23
GWS.DRIVEDOCS.2.4v0.5,"Agencies SHALL NOT allow viewers and commenters to download, print, and copy files.",Admin Log Event,Change Application Setting,Shared Drive Creation new_team_drive_restricts_download,true,rules/00gjdgxs18yk89t,JK 08-02-23 @ 14:30
GWS.DRIVEDOCS.3.1v0.5,Agencies SHALL enable the security update for Drive files.,Admin Log Event,Change Application Setting,Link Security Update Settings less_secure_link_option,REMOVE_LESS_SECURE_LINKS,rules/00gjdgxs0mrpx7o,JK 08-02-23 @ 14:41
GWS.DRIVEDOCS.4.1v0.5,Agencies SHOULD disable Drive SDK access to restrict information sharing and prevent data leakage.,Admin Log Event,Change Drive Setting,ENABLE_DRIVE_APPS,true,rules/00gjdgxs1mm4n4i,JK 08-02-23 @ 14:49
GWS.DRIVEDOCS.5.1v0.5,Agencies SHALL disable Add-Ons with the exception of those that are approved within the organization.,Admin Log Event,Change Drive Setting,ENABLE_DOCS_ADD_ONS,false,rules/00gjdgxs4d794jn,JK 08-02-23 @ 15:14
GWS.DRIVEDOCS.6.1v0.5,Google Drive for Desktop SHOULD be enabled only for authorized devices..,Admin Log Event,Change Application Setting,DriveFsSettingsProto company_owned_only_enabled,true,rules/00gjdgxs4ghyiin,JK 10-19-23 @ 14:01
GWS.DRIVEDOCS.1.1v0.6,Agencies SHOULD disable sharing outside of the organizations domain.,Admin Log Event,Change Drive Setting,SHARING_OUTSIDE_DOMAIN,SHARING_NOT_ALLOWED,rules/00gjdgxs10es4se,JK 08-02-23 @ 12:25
GWS.DRIVEDOCS.1.2v0.6,"If disabling sharing outside of the organization's domain, then agencies SHALL also disable users' receiving files from outside of the organization's domain.",Admin Log Event,Change Drive Setting,SHARING_OUTSIDE_DOMAIN,SHARING_NOT_ALLOWED,rules/00gjdgxs10es4se,JK 08-02-23 @ 12:26
GWS.DRIVEDOCS.1.3v0.6,"If sharing outside of the organization, then agencies SHALL enable warnings for users when they are about to share something outside of their domain.",Admin Log Event,Change Drive Setting,SHARING_OUTSIDE_DOMAIN,SHARING_ALLOWED_WITH_WARNING,rules/00gjdgxs0qwshr5,
GWS.DRIVEDOCS.1.4v0.6,"If sharing outside of the organization, then agencies SHALL disable sharing of files with individuals who are not using a Google account.",N/A,N/A,N/A,N/A,N/A,Not Alertable due to no log evemt
GWS.DRIVEDOCS.1.5v0.6,Agencies SHALL disable making files and published web content visible to anyone with the link.,Admin Log Event,Change Drive Setting,PUBLISHING_TO_WEB,NOT_ALLOWED,rules/00gjdgxs2l9hukl,JK 08-02-23 @ 12:16
GWS.DRIVEDOCS.1.6v0.6,Agencies SHOULD set access checking to recipients only.,Admin Log Event,Change Drive Setting,SHARING_ACCESS_CHECKER_OPTIONS,DOMAIN_OR_NAMED_PARTIES,rules/00gjdgxs2qv9x6y,JK 08-02-23 @ 12:59
GWS.DRIVEDOCS.1.7v0.6,Agencies SHALL NOT allow any users to distribute content from an organization-owned shared drive to shared drives owned by another organizations.,Admin Log Event,Change Drive Setting,SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS,CROSS_DOMAIN_FROM_INTERNAL_ONLY,rules/00gjdgxs2bll5l2,JK 09-26-23 @ 09:24
GWS.DRIVEDOCS.1.8v0.6,Agencies SHALL ensure that newly created items assume the default access level of Private to the Owner.,Admin Log Event,Change Drive Setting,DEFAULT_LINK_SHARING_FOR_NEW_DOCS,PRIVATE,rules/00gjdgxs1jfq3ds,JK 08-02-23 @ 13:28
GWS.DRIVEDOCS.2.1v0.6,Agencies SHOULD NOT allow members with manager access to override shared drive creation settings.,Admin Log Event,Change Application Setting,Shared Drive Creation new_team_drive_admin_only,true,rules/00gjdgxs418trv6,JK 08-02-23 @ 13:44
GWS.DRIVEDOCS.2.2v0.6,Agencies SHOULD NOT allow users outside of their organization to access files in shared drives.,Admin Log Event,Change Application Setting,Shared Drive Creation new_team_drive_restricts_cross_domain_access,true,rules/00gjdgxs1o31qud,JK 08-02-23 @ 14:12
GWS.DRIVEDOCS.2.3v0.6,Agencies SHALL allow users who are not shared drive members to be added to files.,Admin Log Event,Change Application Setting,Shared Drive Creation new_team_drive_restricts_direct_access,true,rules/00gjdgxs3mcxcll,JK 08-02-23 @ 14:23
GWS.DRIVEDOCS.2.4v0.6,"Agencies SHALL NOT allow viewers and commenters to download, print, and copy files.",Admin Log Event,Change Application Setting,Shared Drive Creation new_team_drive_restricts_download,true,rules/00gjdgxs18yk89t,JK 08-02-23 @ 14:30
GWS.DRIVEDOCS.3.1v0.6,Agencies SHALL enable the security update for Drive files.,Admin Log Event,Change Application Setting,Link Security Update Settings less_secure_link_option,REMOVE_LESS_SECURE_LINKS,rules/00gjdgxs0mrpx7o,JK 08-02-23 @ 14:41
GWS.DRIVEDOCS.4.1v0.6,Agencies SHOULD disable Drive SDK access to restrict information sharing and prevent data leakage.,Admin Log Event,Change Drive Setting,ENABLE_DRIVE_APPS,true,rules/00gjdgxs1mm4n4i,JK 08-02-23 @ 14:49
GWS.DRIVEDOCS.5.1v0.6,Agencies SHALL disable Add-Ons with the exception of those that are approved within the organization.,Admin Log Event,Change Drive Setting,ENABLE_DOCS_ADD_ONS,false,rules/00gjdgxs4d794jn,JK 08-02-23 @ 15:14
GWS.DRIVEDOCS.6.1v0.6,Google Drive for Desktop SHOULD be enabled only for authorized devices..,Admin Log Event,Change Application Setting,DriveFsSettingsProto company_owned_only_enabled,true,rules/00gjdgxs4ghyiin,JK 10-19-23 @ 14:01
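Review bot: GWS.DRIVEDOCS.4.1v0.6 lists `true` under New Value (Is Not) for ENABLE_DRIVE_APPS although its policy text says Drive SDK access SHOULD be disabled; the neighbouring 5.1 row expresses the same "disable" intent with `false` for ENABLE_DOCS_ADD_ONS, so confirm whether 4.1 should read `false` before this bump ships. In the same hunk, 2.3 says `SHALL allow` while its setting `new_team_drive_restricts_direct_access` is expected to be `true`, which reads as the opposite intent; 1.3 has an empty Last Successful Test cell even though a rule ID (`rules/00gjdgxs0qwshr5`) is recorded; and `no log evemt` in 1.4 and the double period in `authorized devices..` in 6.1 are copied forward unchanged.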
@@ -1,51 +1,51 @@
PolicyId,Name,Data Source,Event (Is),Setting Name (Is),New Value (Is Not),Rule ID,Last Successful Test
GWS.GMAIL.1.1v0.5,Mail delegation SHALL be disabled for all users by default.,Admin Log Event,Change Email Setting,ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN,false,rules/00gjdgxs1dj2igu,JK 07-28-223 @ 13:40
GWS.GMAIL.2.1v0.5,DKIM SHOULD be enabled for agencies mail enabled domain.,No Log,No Log,No Log,No Log,No Log,Cannot create rule due to no log event generated
GWS.GMAIL.3.1v0.5,Agencies SHALL determine which IP addresses are approved senders for their domain(s).,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.3.2v0.5,Agencies SHALL publish SPF policy(s) that designate these (and only these) addresses as approved senders for their domain(s).,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.4.1v0.5,Agencies SHALL publish a DMARC policy.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.4.2v0.5,"Agencies SHALL set their policy to message rejection (i.e., “p=reject”).",N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.4.3v0.5,Agencies SHALL include reports@dmarc.cyber.dhs.gov as a point of contact for aggregate reports.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.4.4v0.5,Agencies SHOULD include an agency point of contact for aggregate and/or failure reports in their policy.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.5.1v0.5,Protect against encrypted attachments from untrusted senders SHALL be enabled.,Admin Log Event,Change Application Setting,Attachment safety Enable: protect against encrypted attachments from untrusted senders,true,rules/00gjdgxs0qglwig,JK 07-31-23 @ 06:54
GWS.GMAIL.5.2v0.5,Protect against attachments with scripts from untrusted senders SHALL be enabled.,Admin Log Event,Change Application Setting,Attachment safety Enable: protect against attachments with scripts from untrusted senders,true,rules/00gjdgxs3ag9f69,JK 07-31-23 @ 06:54
GWS.GMAIL.5.3v0.5,Protect against anomalous attachment types in emails SHALL be enabled.,Admin Log Event,Change Application Setting,Attachment safety Enable: Protect against anomalous attachment types in emails,true,rules/00gjdgxs1rx81d3,JK 07-31-23 @ 07:05
GWS.GMAIL.5.4v0.5,Google SHOULD be allowed to automatically apply future recommended settings.,Admin Log Event,Change Application Setting,Attachment safety Enable: automatically enables all future added settings,true,rules/00gjdgxs13a7n9n,JK 07-31-23 @ 07:15
GWS.GMAIL.5.5v0.5(a),"At the least, email SHOULD be kept in the inbox and show warning labels for attachment protection controls.",Admin Log Event,Change Application Setting,Attachment safety Encrypted attachment protection setting action,Show warning,rules/00gjdgxs0hkfqd2,JK 07-31-23 @ 07:42
GWS.GMAIL.5.5v0.5(b),"At the least, email SHOULD be kept in the inbox and show warning labels for attachment protection controls.",Admin Log Event,Change Application Setting,Attachment safety Attachment with scripts protection action,Show warning,rules/00gjdgxs0qfhyzm,JK 07-31-23 @ 07:42
GWS.GMAIL.5.5v0.5(c),"At the least, email SHOULD be kept in the inbox and show warning labels for attachment protection controls.",Admin Log Event,Change Application Setting,Attachment safety Anomalous attachment protection setting action,Show warning,rules/00gjdgxs3hwhm6r,JK 07-31-23 @ 07:42
GWS.GMAIL.5.6v0.5,Any third-party or outside application selected for attachment protection SHOULD offer services comparable to those offered by Google Workspace.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.6.1v0.5,Identify links behind shortened URLs SHALL be Enabled.,Admin Log Event,Change Application Setting,Links and external images safety Enable: identify links behind shortened URLs,true,rules/00gjdgxs3af5hnf,JK 07-31-23 @ 08:00
GWS.GMAIL.6.2v0.5,Scan linked images SHALL be enabled.,Admin Log Event,Change Application Setting,Links and external images safety Enable: scan linked images,true,rules/00gjdgxs44inn5a,JK 07-31-23 @ 08:08
GWS.GMAIL.6.3v0.5,Show warning prompt for any click on links to untrusted domains SHALL be enabled.,Admin Log Event,Change Application Setting,Links and external images safety Enable: show warning prompt for click on links to unstrusted domains,true,rules/00gjdgxs2jnxxd3,JK 07-31-23 @ 08:22
GWS.GMAIL.6.4v0.5,Google SHALL be allowed to automatically apply future recommended settings.,Admin Log Event,Change Application Setting,Links and external images safety Enable: automatically enables all future added settings,true,rules/00gjdgxs4hxtj4b,JK 07-31-23 @ 08:33
GWS.GMAIL.6.5v0.5,Any third-party or outside application selected for links and external images protection SHOULD offer services comparable to those offered by Google Workspace.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.7.1v0.5,Protect against domain spoofing based on similar domain names SHALL be enabled.,Admin Log Event,Change Application Setting,Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names,true,rules/00gjdgxs324jgpv,JK 07-31-23 @ 08:55
GWS.GMAIL.7.2v0.5,Protect against spoofing of employee names SHALL be enabled.,Admin Log Event,Change Application Setting,Spoofing and authentication safety Enable: protect against spoofing of employee names,true,rules/00gjdgxs3w81m7q,JK 07-31-23 @ 08:55
GWS.GMAIL.7.3v0.5,Protect against inbound emails spoofing your domain SHALL be enabled.,Admin Log Event,Change Application Setting,Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain,true,rules/00gjdgxs226brg1,JK 07-31-23 @ 08:55
GWS.GMAIL.7.4v0.5,Protect against any unauthenticated emails.,Admin Log Event,Change Application Setting,Spoofing and authentication safety Enable: protect against any unauthenticated emails,true,rules/00gjdgxs3ai9pb5,JK 07-31-23 @ 08:55
GWS.GMAIL.7.5v0.5,Protect your Groups from inbound emails spoofing your domain.,Admin Log Event,Change Application Setting,Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain,true,rules/00gjdgxs2dw9t9x,JK 07-31-23 @ 08:55
GWS.GMAIL.7.6v0.5(a),"At the least, email SHOULD be kept in the inbox and show warning labels for spoofing and authentication controls.",Admin Log Event,Change Application Setting,Spoofing and authentication safety Protect against domain spoofing based on similar domain names action,Show warning,rules/00gjdgxs0sndbln,JK 07-31-23 @ 10:10
GWS.GMAIL.7.6v0.5(b),"At the least, email SHOULD be kept in the inbox and show warning labels for spoofing and authentication controls.",Admin Log Event,Change Application Setting,Spoofing and authentication safety Protect against spoofing of employee names action,Show warning,rules/00gjdgxs2flhnf2,JK 07-31-23 @ 10:10
GWS.GMAIL.7.6v0.5(c),"At the least, email SHOULD be kept in the inbox and show warning labels for spoofing and authentication controls.",Admin Log Event,Change Application Setting,Spoofing and authentication safety Protect against inbound emails spoofing your domain action,Show warning,rules/00gjdgxs0uqrxmv,JK 07-31-23 @ 10:10
GWS.GMAIL.7.6v0.5(d),"At the least, email SHOULD be kept in the inbox and show warning labels for spoofing and authentication controls.",Admin Log Event,Change Application Setting,Spoofing and authentication safety Protect against any unauthenticated emails action,Show warning,rules/00gjdgxs1jhp3jp,JK 07-31-23 @ 10:10
GWS.GMAIL.7.6v0.5(e),"At the least, email SHOULD be kept in the inbox and show warning labels for spoofing and authentication controls.",Admin Log Event,Change Application Setting,Spoofing and authentication safety Protect your Groups from inbound emails spoofing your domain - group type,All groups,rules/00gjdgxs3793brc,JK 07-31-23 @ 10:14
GWS.GMAIL.7.6v0.5(f),"At the least, email SHOULD be kept in the inbox and show warning labels for spoofing and authentication controls.",Admin Log Event,Change Application Setting,Spoofing and authentication safety Protect your Groups from inbound emails spoofing your domain action,Show warning,rules/00gjdgxs1jvvvfs,JK 07-31-23 @ 10:20
GWS.GMAIL.7.7v0.5,Google SHALL be allowed to automatically apply future recommended settings.,Admin Log Event,Change Application Setting,Spoofing and authentication safety Enable: automatically enables all future added settings,true,rules/00gjdgxs2puldi0,JK 07-31-23 @ 10:26
GWS.GMAIL.7.8v0.5,Any third-party or outside application selected for spoofing and authentication protection SHOULD offer services comparable to those offered by Google Workspace.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.8.1v0.5,User email uploads SHALL be disabled to protect against unauthorized files being introduced into the secured environment.,Admin Log Event,Change Email Setting,ENABLE_EMAIL_USER_IMPORT,false,rules/00gjdgxs1vu7fnv,JK 07-31-23 @ 10:52
GWS.GMAIL.9.1v0.5(a),POP and IMAP access SHALL be disabled to protect sensitive agency or organization emails from being accessed through legacy applications or other third-party mail clients.,Admin Log Event,Change Email Setting,IMAP_ACCESS,DISABLED,rules/00gjdgxs3ynriy0,JK 07-31-23 @ 11:07
GWS.GMAIL.9.1v0.5(b),POP and IMAP access SHALL be disabled to protect sensitive agency or organization emails from being accessed through legacy applications or other third-party mail clients.,Admin Log Event,Change Email Setting,ENABLE_POP_ACCESS,false,rules/00gjdgxs16dhzcn,JK 07-31-23 @ 11:07
GWS.GMAIL.10.1v0.5,Google Workspace Sync SHOULD be disabled.,Admin Log Event,Change Email Setting,ENABLE_OUTLOOK_SYNC,false,rules/00gjdgxs2caikn5,JK 07-31-23 @ 11:39
GWS.GMAIL.11.1v0.5,"Automatic forwarding SHOULD be disabled, especially to external domains.",Admin Log Event,Change Email Setting,ENABLE_EMAIL_AUTOFORWARDING,false,rules/00gjdgxs3bfgdir,JK 07-31-23 @ 11:50
GWS.GMAIL.12.1v0.5,Using a per-user outbound gateway that is a mail server other than the Google Workspace mail servers SHALL be disabled.,Admin Log Event,Change Email Setting,OUTBOUND_RELAY_ENABLED,false,rules/00gjdgxs0wkcpwf,JK 07-31-23 @ 11:38
GWS.GMAIL.13.1v0.5,Unintended external reply warnings SHALL be enabled,Admin Log Event,Change Application Setting,OutOfDomainWarningProto disable_untrusted_recipient_warning,true,rules/00gjdgxs0o6v2pe,JK 07-31-23 @ 13:56
GWS.GMAIL.14.1v0.5,An email allowlist SHOULD not be implemented.,Admin Log Event,Change Email Setting,EMAIL_SPAM_ALLOWLIST,[],rules/00gjdgxs17hggqa,JK 08-01-23 @ 11:36
GWS.GMAIL.15.1v0.5,Enhanced pre-delivery message scanning SHALL be enabled to prevent phishing.,Admin Log Event,Change Application Setting,DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email,true,rules/00gjdgxs0z436wh,JK 07-13-23 @ 15:18
GWS.GMAIL.15.2v0.5,Any third-party or outside application selected for enhanced pre-delivery message scanning SHOULD offer services comparable to those offered by Google Workspace.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.16.1v0.5,Security sandbox SHOULD be enabled to provide additional protections for their email messages.,Admin Log Event,Change Application Setting,AttachmentDeepScanningSettingsProto deep_scanning_enabled,true,rules/00gjdgxs2e64nj2,JK 07-13-23 @ 15:42
GWS.GMAIL.16.2v0.5,Any third-party or outside application selected for security sandbox SHOULD offer services comparable to those offered by Google Workspace.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.17.1v0.5,Comprehensive mail storage SHOULD be enabled to ensure information can be tracked across applications.,Admin Log Event,Change Gmail Setting,COMPREHENSIVE_MAIL_STORAGE,No Value,rules/00gjdgxs388y21u,
GWS.GMAIL.18.1v0.5,Domains SHALL NOT be added to lists that bypass spam filters.,Admin Log Event,Change Gmail Setting,SPAM_CONTROL,N/A,rules/00gjdgxs12jr6zt,JGK 04-11-24 @ 09:45
GWS.GMAIL.18.2v0.5,Domains SHALL NOT be added to lists that bypass spam filters and hide warnings.,Admin Log Event,Change Gmail Setting,SPAM_CONTROL,N/A,rules/00gjdgxs12jr6zt,JGK 04-11-24 @ 09:45
GWS.GMAIL.18.3v0.5,Bypass spam filters and hide warnings for all messages from internal and external senders SHALL NOT be enabled.,Admin Log Event,Change Gmail Setting,SPAM_CONTROL,N/A,rules/00gjdgxs12jr6zt,JGK 04-11-24 @ 09:45
GWS.GMAIL.1.1v0.6,Mail delegation SHALL be disabled for all users by default.,Admin Log Event,Change Email Setting,ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN,false,rules/00gjdgxs1dj2igu,JK 07-28-223 @ 13:40
GWS.GMAIL.2.1v0.6,DKIM SHOULD be enabled for agencies mail enabled domain.,No Log,No Log,No Log,No Log,No Log,Cannot create rule due to no log event generated
GWS.GMAIL.3.1v0.6,Agencies SHALL determine which IP addresses are approved senders for their domain(s).,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.3.2v0.6,Agencies SHALL publish SPF policy(s) that designate these (and only these) addresses as approved senders for their domain(s).,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.4.1v0.6,Agencies SHALL publish a DMARC policy.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.4.2v0.6,"Agencies SHALL set their policy to message rejection (i.e., “p=reject”).",N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.4.3v0.6,Agencies SHALL include reports@dmarc.cyber.dhs.gov as a point of contact for aggregate reports.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.4.4v0.6,Agencies SHOULD include an agency point of contact for aggregate and/or failure reports in their policy.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.5.1v0.6,Protect against encrypted attachments from untrusted senders SHALL be enabled.,Admin Log Event,Change Application Setting,Attachment safety Enable: protect against encrypted attachments from untrusted senders,true,rules/00gjdgxs0qglwig,JK 07-31-23 @ 06:54
GWS.GMAIL.5.2v0.6,Protect against attachments with scripts from untrusted senders SHALL be enabled.,Admin Log Event,Change Application Setting,Attachment safety Enable: protect against attachments with scripts from untrusted senders,true,rules/00gjdgxs3ag9f69,JK 07-31-23 @ 06:54
GWS.GMAIL.5.3v0.6,Protect against anomalous attachment types in emails SHALL be enabled.,Admin Log Event,Change Application Setting,Attachment safety Enable: Protect against anomalous attachment types in emails,true,rules/00gjdgxs1rx81d3,JK 07-31-23 @ 07:05
GWS.GMAIL.5.4v0.6,Google SHOULD be allowed to automatically apply future recommended settings.,Admin Log Event,Change Application Setting,Attachment safety Enable: automatically enables all future added settings,true,rules/00gjdgxs13a7n9n,JK 07-31-23 @ 07:15
GWS.GMAIL.5.5v0.6(a),"At the least, email SHOULD be kept in the inbox and show warning labels for attachment protection controls.",Admin Log Event,Change Application Setting,Attachment safety Encrypted attachment protection setting action,Show warning,rules/00gjdgxs0hkfqd2,JK 07-31-23 @ 07:42
GWS.GMAIL.5.5v0.6(b),"At the least, email SHOULD be kept in the inbox and show warning labels for attachment protection controls.",Admin Log Event,Change Application Setting,Attachment safety Attachment with scripts protection action,Show warning,rules/00gjdgxs0qfhyzm,JK 07-31-23 @ 07:42
GWS.GMAIL.5.5v0.6(c),"At the least, email SHOULD be kept in the inbox and show warning labels for attachment protection controls.",Admin Log Event,Change Application Setting,Attachment safety Anomalous attachment protection setting action,Show warning,rules/00gjdgxs3hwhm6r,JK 07-31-23 @ 07:42
GWS.GMAIL.5.6v0.6,Any third-party or outside application selected for attachment protection SHOULD offer services comparable to those offered by Google Workspace.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.6.1v0.6,Identify links behind shortened URLs SHALL be Enabled.,Admin Log Event,Change Application Setting,Links and external images safety Enable: identify links behind shortened URLs,true,rules/00gjdgxs3af5hnf,JK 07-31-23 @ 08:00
GWS.GMAIL.6.2v0.6,Scan linked images SHALL be enabled.,Admin Log Event,Change Application Setting,Links and external images safety Enable: scan linked images,true,rules/00gjdgxs44inn5a,JK 07-31-23 @ 08:08
GWS.GMAIL.6.3v0.6,Show warning prompt for any click on links to untrusted domains SHALL be enabled.,Admin Log Event,Change Application Setting,Links and external images safety Enable: show warning prompt for click on links to unstrusted domains,true,rules/00gjdgxs2jnxxd3,JK 07-31-23 @ 08:22
GWS.GMAIL.6.4v0.6,Google SHALL be allowed to automatically apply future recommended settings.,Admin Log Event,Change Application Setting,Links and external images safety Enable: automatically enables all future added settings,true,rules/00gjdgxs4hxtj4b,JK 07-31-23 @ 08:33
GWS.GMAIL.6.5v0.6,Any third-party or outside application selected for links and external images protection SHOULD offer services comparable to those offered by Google Workspace.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.7.1v0.6,Protect against domain spoofing based on similar domain names SHALL be enabled.,Admin Log Event,Change Application Setting,Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names,true,rules/00gjdgxs324jgpv,JK 07-31-23 @ 08:55
GWS.GMAIL.7.2v0.6,Protect against spoofing of employee names SHALL be enabled.,Admin Log Event,Change Application Setting,Spoofing and authentication safety Enable: protect against spoofing of employee names,true,rules/00gjdgxs3w81m7q,JK 07-31-23 @ 08:55
GWS.GMAIL.7.3v0.6,Protect against inbound emails spoofing your domain SHALL be enabled.,Admin Log Event,Change Application Setting,Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain,true,rules/00gjdgxs226brg1,JK 07-31-23 @ 08:55
GWS.GMAIL.7.4v0.6,Protect against any unauthenticated emails.,Admin Log Event,Change Application Setting,Spoofing and authentication safety Enable: protect against any unauthenticated emails,true,rules/00gjdgxs3ai9pb5,JK 07-31-23 @ 08:55
GWS.GMAIL.7.5v0.6,Protect your Groups from inbound emails spoofing your domain.,Admin Log Event,Change Application Setting,Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain,true,rules/00gjdgxs2dw9t9x,JK 07-31-23 @ 08:55
GWS.GMAIL.7.6v0.6(a),"At the least, email SHOULD be kept in the inbox and show warning labels for spoofing and authentication controls.",Admin Log Event,Change Application Setting,Spoofing and authentication safety Protect against domain spoofing based on similar domain names action,Show warning,rules/00gjdgxs0sndbln,JK 07-31-23 @ 10:10
GWS.GMAIL.7.6v0.6(b),"At the least, email SHOULD be kept in the inbox and show warning labels for spoofing and authentication controls.",Admin Log Event,Change Application Setting,Spoofing and authentication safety Protect against spoofing of employee names action,Show warning,rules/00gjdgxs2flhnf2,JK 07-31-23 @ 10:10
GWS.GMAIL.7.6v0.6(c),"At the least, email SHOULD be kept in the inbox and show warning labels for spoofing and authentication controls.",Admin Log Event,Change Application Setting,Spoofing and authentication safety Protect against inbound emails spoofing your domain action,Show warning,rules/00gjdgxs0uqrxmv,JK 07-31-23 @ 10:10
GWS.GMAIL.7.6v0.6(d),"At the least, email SHOULD be kept in the inbox and show warning labels for spoofing and authentication controls.",Admin Log Event,Change Application Setting,Spoofing and authentication safety Protect against any unauthenticated emails action,Show warning,rules/00gjdgxs1jhp3jp,JK 07-31-23 @ 10:10
GWS.GMAIL.7.6v0.6(e),"At the least, email SHOULD be kept in the inbox and show warning labels for spoofing and authentication controls.",Admin Log Event,Change Application Setting,Spoofing and authentication safety Protect your Groups from inbound emails spoofing your domain - group type,All groups,rules/00gjdgxs3793brc,JK 07-31-23 @ 10:14
GWS.GMAIL.7.6v0.6(f),"At the least, email SHOULD be kept in the inbox and show warning labels for spoofing and authentication controls.",Admin Log Event,Change Application Setting,Spoofing and authentication safety Protect your Groups from inbound emails spoofing your domain action,Show warning,rules/00gjdgxs1jvvvfs,JK 07-31-23 @ 10:20
GWS.GMAIL.7.7v0.6,Google SHALL be allowed to automatically apply future recommended settings.,Admin Log Event,Change Application Setting,Spoofing and authentication safety Enable: automatically enables all future added settings,true,rules/00gjdgxs2puldi0,JK 07-31-23 @ 10:26
GWS.GMAIL.7.8v0.6,Any third-party or outside application selected for spoofing and authentication protection SHOULD offer services comparable to those offered by Google Workspace.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.8.1v0.6,User email uploads SHALL be disabled to protect against unauthorized files being introduced into the secured environment.,Admin Log Event,Change Email Setting,ENABLE_EMAIL_USER_IMPORT,false,rules/00gjdgxs1vu7fnv,JK 07-31-23 @ 10:52
GWS.GMAIL.9.1v0.6(a),POP and IMAP access SHALL be disabled to protect sensitive agency or organization emails from being accessed through legacy applications or other third-party mail clients.,Admin Log Event,Change Email Setting,IMAP_ACCESS,DISABLED,rules/00gjdgxs3ynriy0,JK 07-31-23 @ 11:07
GWS.GMAIL.9.1v0.6(b),POP and IMAP access SHALL be disabled to protect sensitive agency or organization emails from being accessed through legacy applications or other third-party mail clients.,Admin Log Event,Change Email Setting,ENABLE_POP_ACCESS,false,rules/00gjdgxs16dhzcn,JK 07-31-23 @ 11:07
GWS.GMAIL.10.1v0.6,Google Workspace Sync SHOULD be disabled.,Admin Log Event,Change Email Setting,ENABLE_OUTLOOK_SYNC,false,rules/00gjdgxs2caikn5,JK 07-31-23 @ 11:39
GWS.GMAIL.11.1v0.6,"Automatic forwarding SHOULD be disabled, especially to external domains.",Admin Log Event,Change Email Setting,ENABLE_EMAIL_AUTOFORWARDING,false,rules/00gjdgxs3bfgdir,JK 07-31-23 @ 11:50
GWS.GMAIL.12.1v0.6,Using a per-user outbound gateway that is a mail server other than the Google Workspace mail servers SHALL be disabled.,Admin Log Event,Change Email Setting,OUTBOUND_RELAY_ENABLED,false,rules/00gjdgxs0wkcpwf,JK 07-31-23 @ 11:38
GWS.GMAIL.13.1v0.6,Unintended external reply warnings SHALL be enabled,Admin Log Event,Change Application Setting,OutOfDomainWarningProto disable_untrusted_recipient_warning,true,rules/00gjdgxs0o6v2pe,JK 07-31-23 @ 13:56
GWS.GMAIL.14.1v0.6,An email allowlist SHOULD not be implemented.,Admin Log Event,Change Email Setting,EMAIL_SPAM_ALLOWLIST,[],rules/00gjdgxs17hggqa,JK 08-01-23 @ 11:36
GWS.GMAIL.15.1v0.6,Enhanced pre-delivery message scanning SHALL be enabled to prevent phishing.,Admin Log Event,Change Application Setting,DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email,true,rules/00gjdgxs0z436wh,JK 07-13-23 @ 15:18
GWS.GMAIL.15.2v0.6,Any third-party or outside application selected for enhanced pre-delivery message scanning SHOULD offer services comparable to those offered by Google Workspace.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.16.1v0.6,Security sandbox SHOULD be enabled to provide additional protections for their email messages.,Admin Log Event,Change Application Setting,AttachmentDeepScanningSettingsProto deep_scanning_enabled,true,rules/00gjdgxs2e64nj2,JK 07-13-23 @ 15:42
GWS.GMAIL.16.2v0.6,Any third-party or outside application selected for security sandbox SHOULD offer services comparable to those offered by Google Workspace.,N/A,N/A,N/A,N/A,N/A,Not Alertable
GWS.GMAIL.17.1v0.6,Comprehensive mail storage SHOULD be enabled to ensure information can be tracked across applications.,Admin Log Event,Change Gmail Setting,COMPREHENSIVE_MAIL_STORAGE,No Value,rules/00gjdgxs388y21u,
GWS.GMAIL.18.1v0.6,Domains SHALL NOT be added to lists that bypass spam filters.,Admin Log Event,Change Gmail Setting,SPAM_CONTROL,N/A,rules/00gjdgxs12jr6zt,JGK 04-11-24 @ 09:45
GWS.GMAIL.18.2v0.6,Domains SHALL NOT be added to lists that bypass spam filters and hide warnings.,Admin Log Event,Change Gmail Setting,SPAM_CONTROL,N/A,rules/00gjdgxs12jr6zt,JGK 04-11-24 @ 09:45
GWS.GMAIL.18.3v0.6,Bypass spam filters and hide warnings for all messages from internal and external senders SHALL NOT be enabled.,Admin Log Event,Change Gmail Setting,SPAM_CONTROL,N/A,rules/00gjdgxs12jr6zt,JGK 04-11-24 @ 09:45
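Review bot: the v0.6 rows are verbatim copies of the v0.5 rows apart from the PolicyId suffix, so existing data defects are carried forward under the new IDs: GWS.GMAIL.1.1v0.6 keeps the malformed test timestamp `JK 07-28-223 @ 13:40` (three-digit year, presumably 07-28-23), GWS.GMAIL.6.3v0.6 keeps the "unstrusted" misspelling in its Setting Name, and GWS.GMAIL.17.1v0.6 still has "No Value" in the New Value (Is Not) column with an empty Last Successful Test cell. Since the bump rewrites every row anyway, correct the timestamp and fill or annotate the 17.1 row in the same change; for 6.3, fix the spelling only if the Setting Name is a free-text label, and leave it (with a comment in the PR) if it has to match the Admin log event's setting name byte-for-byte, because an alert rule keyed on that string would otherwise stop matching. Two further points worth stating in the PR description: the Rule ID column is identical in both halves (for example rules/00gjdgxs1dj2igu on both GWS.GMAIL.1.1v0.5 and GWS.GMAIL.1.1v0.6), so the tracked Admin console alert rules are reused rather than recreated and every Last Successful Test date predates the v0.6 IDs; and GWS.GMAIL.18.1v0.6 through GWS.GMAIL.18.3v0.6 still share one rule (rules/00gjdgxs12jr6zt) with New Value N/A, so a single SPAM_CONTROL alert covers three policies and cannot tell a responder which of them was violated.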
41 GWS.GMAIL.12.1v0.5 GWS.GMAIL.12.1v0.6 Using a per-user outbound gateway that is a mail server other than the Google Workspace mail servers SHALL be disabled. Admin Log Event Change Email Setting OUTBOUND_RELAY_ENABLED false rules/00gjdgxs0wkcpwf JK 07-31-23 @ 11:38
42 GWS.GMAIL.13.1v0.5 GWS.GMAIL.13.1v0.6 Unintended external reply warnings SHALL be enabled Admin Log Event Change Application Setting OutOfDomainWarningProto disable_untrusted_recipient_warning true rules/00gjdgxs0o6v2pe JK 07-31-23 @ 13:56
43 GWS.GMAIL.14.1v0.5 GWS.GMAIL.14.1v0.6 An email allowlist SHOULD not be implemented. Admin Log Event Change Email Setting EMAIL_SPAM_ALLOWLIST [] rules/00gjdgxs17hggqa JK 08-01-23 @ 11:36
44 GWS.GMAIL.15.1v0.5 GWS.GMAIL.15.1v0.6 Enhanced pre-delivery message scanning SHALL be enabled to prevent phishing. Admin Log Event Change Application Setting DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email true rules/00gjdgxs0z436wh JK 07-13-23 @ 15:18
45 GWS.GMAIL.15.2v0.5 GWS.GMAIL.15.2v0.6 Any third-party or outside application selected for enhanced pre-delivery message scanning SHOULD offer services comparable to those offered by Google Workspace. N/A N/A N/A N/A N/A Not Alertable
46 GWS.GMAIL.16.1v0.5 GWS.GMAIL.16.1v0.6 Security sandbox SHOULD be enabled to provide additional protections for their email messages. Admin Log Event Change Application Setting AttachmentDeepScanningSettingsProto deep_scanning_enabled true rules/00gjdgxs2e64nj2 JK 07-13-23 @ 15:42
47 GWS.GMAIL.16.2v0.5 GWS.GMAIL.16.2v0.6 Any third-party or outside application selected for security sandbox SHOULD offer services comparable to those offered by Google Workspace. N/A N/A N/A N/A N/A Not Alertable
48 GWS.GMAIL.17.1v0.5 GWS.GMAIL.17.1v0.6 Comprehensive mail storage SHOULD be enabled to ensure information can be tracked across applications. Admin Log Event Change Gmail Setting COMPREHENSIVE_MAIL_STORAGE No Value rules/00gjdgxs388y21u
49 GWS.GMAIL.18.1v0.5 GWS.GMAIL.18.1v0.6 Domains SHALL NOT be added to lists that bypass spam filters. Admin Log Event Change Gmail Setting SPAM_CONTROL N/A rules/00gjdgxs12jr6zt JGK 04-11-24 @ 09:45
50 GWS.GMAIL.18.2v0.5 GWS.GMAIL.18.2v0.6 Domains SHALL NOT be added to lists that bypass spam filters and hide warnings. Admin Log Event Change Gmail Setting SPAM_CONTROL N/A rules/00gjdgxs12jr6zt JGK 04-11-24 @ 09:45
51 GWS.GMAIL.18.3v0.5 GWS.GMAIL.18.3v0.6 Bypass spam filters and hide warnings for all messages from internal and external senders SHALL NOT be enabled. Admin Log Event Change Gmail Setting SPAM_CONTROL N/A rules/00gjdgxs12jr6zt JGK 04-11-24 @ 09:45

View File

@@ -1,7 +1,7 @@
PolicyId,Name,Data Source,Event (Is),Setting Name (Is),New Value (Is Not),Rule ID,Last Successful Test
GWS.GROUPS.1.1v0.5,Group access from outside the organization SHALL be disabled unless explicitly granted by the group owner.,Admin Log Event,Change Application Setting,GroupsSharingSettingsProto collaboration_policy,CLOSED,rules/00gjdgxs2kgaq5a,JK 08-01-23 @ 14:13
GWS.GROUPS.1.2v0.5,Group owners ability to add external members to groups SHOULD be disabled unless necessary for agency mission fulfillment.,Admin Log Event,Change Application Setting,GroupsSharingSettingsProto owners_can_allow_external_members,false,rules/00gjdgxs4b8984a,JK 08-01-23 @ 14:41
GWS.GROUPS.1.3v0.5,"Group owners ability to allow posting to a group by an external, non-group member SHOULD be disabled unless necessary for agency mission fulfillment.",Admin Log Event,Change Application Setting,GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public,false,rules/00gjdgxs0lw54bd,JK 08-01-23 @ 14:52
GWS.GROUPS.2.1v0.5,Group creation SHOULD be restricted to admins within the organization unless necessary for agency mission fulfillment.,Admin Log Event,Change Application Setting,GroupsSharingSettingsProto who_can_create_groups,ADMIN_ONLY,rules/00gjdgxs35vsmz6,JK 08-01-23 @ 15:06
GWS.GROUPS.3.1v0.5,The default permission to view conversations SHALL be set to All Group Members.,Admin Log Event,Change Application Setting,GroupsSharingSettingsProto default_view_topics_access_level,MEMBERS,rules/00gjdgxs24dq6r2,JK 08-01-23 @ 15:14
GWS.GROUPS.4.1v0.5,Group owners ability to hide groups from the directory SHOULD be disabled unless necessary for agency mission fulfillment.,Admin Log Event,Change Application Setting,GroupsSharingSettingsProto allow_unlisted_groups,false,rules/00gjdgxs0zbb0ae,JK 08-01-23 @ 15:22
GWS.GROUPS.1.1v0.6,Group access from outside the organization SHALL be disabled unless explicitly granted by the group owner.,Admin Log Event,Change Application Setting,GroupsSharingSettingsProto collaboration_policy,CLOSED,rules/00gjdgxs2kgaq5a,JK 08-01-23 @ 14:13
GWS.GROUPS.1.2v0.6,Group owners ability to add external members to groups SHOULD be disabled unless necessary for agency mission fulfillment.,Admin Log Event,Change Application Setting,GroupsSharingSettingsProto owners_can_allow_external_members,false,rules/00gjdgxs4b8984a,JK 08-01-23 @ 14:41
GWS.GROUPS.1.3v0.6,"Group owners ability to allow posting to a group by an external, non-group member SHOULD be disabled unless necessary for agency mission fulfillment.",Admin Log Event,Change Application Setting,GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public,false,rules/00gjdgxs0lw54bd,JK 08-01-23 @ 14:52
GWS.GROUPS.2.1v0.6,Group creation SHOULD be restricted to admins within the organization unless necessary for agency mission fulfillment.,Admin Log Event,Change Application Setting,GroupsSharingSettingsProto who_can_create_groups,ADMIN_ONLY,rules/00gjdgxs35vsmz6,JK 08-01-23 @ 15:06
GWS.GROUPS.3.1v0.6,The default permission to view conversations SHALL be set to All Group Members.,Admin Log Event,Change Application Setting,GroupsSharingSettingsProto default_view_topics_access_level,MEMBERS,rules/00gjdgxs24dq6r2,JK 08-01-23 @ 15:14
GWS.GROUPS.4.1v0.6,Group owners ability to hide groups from the directory SHOULD be disabled unless necessary for agency mission fulfillment.,Admin Log Event,Change Application Setting,GroupsSharingSettingsProto allow_unlisted_groups,false,rules/00gjdgxs0zbb0ae,JK 08-01-23 @ 15:22
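Review bot: Only the PolicyId suffix changes in these six rows; the Rule ID and Last Successful Test columns are carried over from the v0.5 rows unchanged. That is appropriate for an identifier-only bump, but because the hunk rewrites every data row, the diff alone does not make clear that the alert rules and their recorded test dates were not re-validated under the new IDs. Stating that in the commit description (or in a short note at the top of the CSV) would save the next reviewer from re-checking each Rule ID.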

View File

@@ -1,6 +1,6 @@
PolicyId,Name,Data Source,Event (Is),Setting Name (Is),New Value (Is Not),Rule ID,Last Successful Test
GWS.MEET.1.1v0.5,Meeting access SHALL be restricted to users signed in with a Google Account or Dialing in using a phone.,Admin Log Event,Change Application Setting,SafetyDomainLockProto users_allowed_to_join,LOGGED_IN,rules/00gjdgxs1wv8d7g,JK 08-02-23 @ 15:58
GWS.MEET.2.1v0.5,Meeting access SHALL be disabled for meetings created by users who are not members of any Google Workspace tenant or organization.,Admin Log Event,Change Application Setting,SafetyAccessLockProto meetings_allowed_to_join,WORKSPACE_DOMAINS,rules/00gjdgxs0rw9s95,JK 08-02-23 @ 16:02
GWS.MEET.3.1v0.5,Host Management meeting features SHALL be enabled so that they are available by default when a host starts their meeting.,Admin Log Event,Change Application Setting,SafetyModerationLockProto host_management_enabled,true,rules/00gjdgxs3bvxawy,JK 08-02-23 @ 16:05
GWS.MEET.4.1v0.5,Warn for external participants SHALL be enabled.,Admin Log Event,Change Application Setting,Warn for external participants External or unidentified participants in a meeting are given a label,true,rules/00gjdgxs2yp7uet,JK 10-16-23 @ 07:32
GWS.MEET.5.1v0.5,Users receive calls only from contacts and other users in the organization SHALL be selected.,Admin Log Event,Change Application Setting,Incoming call restrictions Allowed caller type,CONTACTS_AND_SAME_DOMAIN,rules/00gjdgxs188dve6,MD 06-11-24 @ 12:30
GWS.MEET.1.1v0.6,Meeting access SHALL be restricted to users signed in with a Google Account or Dialing in using a phone.,Admin Log Event,Change Application Setting,SafetyDomainLockProto users_allowed_to_join,LOGGED_IN,rules/00gjdgxs1wv8d7g,JK 08-02-23 @ 15:58
GWS.MEET.2.1v0.6,Meeting access SHALL be disabled for meetings created by users who are not members of any Google Workspace tenant or organization.,Admin Log Event,Change Application Setting,SafetyAccessLockProto meetings_allowed_to_join,WORKSPACE_DOMAINS,rules/00gjdgxs0rw9s95,JK 08-02-23 @ 16:02
GWS.MEET.3.1v0.6,Host Management meeting features SHALL be enabled so that they are available by default when a host starts their meeting.,Admin Log Event,Change Application Setting,SafetyModerationLockProto host_management_enabled,true,rules/00gjdgxs3bvxawy,JK 08-02-23 @ 16:05
GWS.MEET.4.1v0.6,Warn for external participants SHALL be enabled.,Admin Log Event,Change Application Setting,Warn for external participants External or unidentified participants in a meeting are given a label,true,rules/00gjdgxs2yp7uet,JK 10-16-23 @ 07:32
GWS.MEET.5.1v0.6,Users receive calls only from contacts and other users in the organization SHALL be selected.,Admin Log Event,Change Application Setting,Incoming call restrictions Allowed caller type,CONTACTS_AND_SAME_DOMAIN,rules/00gjdgxs188dve6,MD 06-11-24 @ 12:30

View File

@@ -1,2 +1,2 @@
PolicyId,Name,Data Source,Event (Is),Setting Name (Is),New Value (Is Not),Rule ID,Last Successful Test
GWS.SITES.1.1v0.5,Sites Service SHOULD be disabled for all users.,Admin Log Event,Toggle Service Enabled,No Setting Name,FALSE,rules/00gjdgxs3gdgxe3,JK 07-28-23 @ 11:12
GWS.SITES.1.1v0.6,Sites Service SHOULD be disabled for all users.,Admin Log Event,Toggle Service Enabled,No Setting Name,FALSE,rules/00gjdgxs3gdgxe3,JK 07-28-23 @ 11:12

View File

@@ -36,7 +36,7 @@ This section covers chat history retention for users within the organization and
### Policies
#### GWS.CHAT.1.1v0.5
#### GWS.CHAT.1.1v0.6
Chat history SHALL be enabled for information traceability.
- _Rationale:_ Users engaged in Google Chat may inadvertently share sensitive or private information during conversations and details discussed in chats may be crucial for future reference or dispute resolution. Enabling chat history for Google Chat may mitigate these risks by providing a traceable record of all conversations, enhancing information accountability and security.
@@ -46,7 +46,7 @@ Chat history SHALL be enabled for information traceability.
- [T1562: Impair Defenses](https://attack.mitre.org/techniques/T1562/)
- [T1562:001: Impair Defenses: Disable or Modify Tools](https://attack.mitre.org/techniques/T1562/001/)
#### GWS.CHAT.1.2v0.5
#### GWS.CHAT.1.2v0.6
Users SHALL NOT be allowed to change their history setting.
- _Rationale:_ Altering the history settings in Google Chat can potentially allow users to obfuscate the sharing of sensitive information via Chat. This policy ensures that all chat histories are preserved, enhancing data security and promoting accountability among users.
@@ -68,14 +68,14 @@ Users SHALL NOT be allowed to change their history setting.
To configure the settings for History for chats:
#### GWS.CHAT.1.1v0.5 Instructions
#### GWS.CHAT.1.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps** -\> **Google Workspace** -\> **Google Chat**.
3. Select **History for chats**.
4. Select **History is ON**.
5. Select **Save**
#### GWS.CHAT.1.2v0.5 Instructions
#### GWS.CHAT.1.2v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps** -\> **Google Workspace** -\> **Google Chat**.
3. Select **History for chats**.
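Review bot: Style point in this hunk's unchanged context: step `5. Select **Save**` under the GWS.CHAT.1.1v0.6 Instructions has no trailing period, unlike the other numbered steps (`1. Sign in to the [Google Admin Console](https://admin.google.com).`). Since the hunk already touches both headings, it is a cheap drive-by fix to make it `5. Select **Save**.`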
@@ -88,7 +88,7 @@ This section covers what types of files users are allowed to share external to t
### Policies
#### GWS.CHAT.2.1v0.5
#### GWS.CHAT.2.1v0.6
External file sharing SHALL be disabled to protect sensitive information from unauthorized or accidental sharing.
- _Rationale:_ Enabling external file sharing in Google Chat opens an additional avenue for data loss, one that may not be as rigorously monitored or protected as traditional collaboration channels, such as email. This policy limits the potential for unauthorized or accidental sharing.
@@ -110,7 +110,7 @@ External file sharing SHALL be disabled to protect sensitive information from un
To configure the settings for External filesharing:
#### GWS.CHAT.2.1v0.5 Instructions
#### GWS.CHAT.2.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps** -\> **Google Workspace** -\> **Google Chat**.
3. Select **Chat File Sharing**.
@@ -123,7 +123,7 @@ This section covers whether chat history is retained by default for users within
### Policies
#### GWS.CHAT.3.1v0.5
#### GWS.CHAT.3.1v0.6
Space history SHOULD be enabled for traceability of information.
- _Rationale:_ Users engaged in Google Chat may inadvertently share sensitive or private information during conversations. Details discussed in chats may be crucial for future reference or dispute resolution. Enabling chat history for Google Chat may mitigate these risks by providing a traceable record of all conversations, enhancing information accountability and security.
@@ -145,7 +145,7 @@ Space history SHOULD be enabled for traceability of information.
To configure the settings for History for spaces:
#### GWS.CHAT.3.1v0.5 Instructions
#### GWS.CHAT.3.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps** -\> **Google Workspace** -\> **Google Chat**.
3. Select **History for spaces**.
@@ -158,7 +158,7 @@ This section permits users to send Chat messages outside of their organization,
### Policies
#### GWS.CHAT.4.1v0.5
#### GWS.CHAT.4.1v0.6
External Chat messaging SHALL be restricted to allowlisted domains only.
- _Rationale:_ Allowing external chat messaging in Google Chat to unrestricted domains opens additional avenues for data exfiltration, increasing the risk of data leakage. By restricting external chat messaging to allowlisted domains only, the risk of sensitive information being distributed outside the organization without explicit consent and approval is minimized.
@@ -181,7 +181,7 @@ External Chat messaging SHALL be restricted to allowlisted domains only.
To configure the settings for External Chat:
#### GWS.CHAT.4.1v0.5 Instructions
#### GWS.CHAT.4.1v0.6 Instructions
To enable external chat for allowlisted domains only:
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps** -\> **Google Workspace** -\> **Google Chat**.
@@ -205,7 +205,7 @@ This section covers the content reporting functionality, a feature that allows u
### Policies
#### GWS.CHAT.5.1v0.5
#### GWS.CHAT.5.1v0.6
Chat content reporting SHALL be enabled for all conversation types.
- _Rationale:_ Chat messages could potentially be used as an avenue for phishing, malware distribution, or other security risks. Enabling this feature allows users to report any suspicious messages to workspace admins, increasing threat awareness and facilitating threat mitigation. By selecting all conversation types, agencies help ensure that their users are able to report risky messages regardless of the conversation type.
@@ -214,7 +214,7 @@ Chat content reporting SHALL be enabled for all conversation types.
- MITRE ATT&CK TTP Mapping
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
#### GWS.CHAT.5.2v0.5
#### GWS.CHAT.5.2v0.6
All reporting message categories SHOULD be selected.
- _Rationale:_ Users may be uncertain what kind of messages should be reported. Enabling all message categories can help users infer which types of messages should be reported.
@@ -231,7 +231,7 @@ All reporting message categories SHOULD be selected.
### Implementation
#### GWS.CHAT.5.1v0.5 Instructions
#### GWS.CHAT.5.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Menu** -> **Apps** -> **Google Workspace** -> **Google Chat**.
3. Click **Content Reporting**.
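Review bot: The menu-path arrows in this hunk's context are written `->` (`2. Select **Menu** -> **Apps** -> **Google Workspace** -> **Google Chat**.`) whereas the earlier Chat instructions use the escaped form `-\>` (`2. Select **Apps** -\> **Google Workspace** -\> **Google Chat**.`). Both render, but the document should use one style; since the bump touches every instruction heading anyway, harmonizing the arrow style here and in the GWS.CHAT.5.2v0.6 Instructions would be a cheap addition.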
@@ -239,7 +239,7 @@ All reporting message categories SHOULD be selected.
5. Ensure all conversation type checkboxes are selected.
6. Click **Save**.
#### GWS.CHAT.5.2v0.5 Instructions
#### GWS.CHAT.5.2v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Menu** -> **Apps** -> **Google Workspace** -> **Google Chat**.
3. Click **Content Reporting**.

View File

@@ -38,7 +38,7 @@ This section covers who has the ability to join classes and what classes the use
### Policies
#### GWS.CLASSROOM.1.1v0.5
#### GWS.CLASSROOM.1.1v0.6
Who can join classes in your domain SHALL be set to Users in your domain only.
- _Rationale:_ Classes can contain private or otherwise sensitive information. Restricting classes to users in your domain helps prevent data leakage resulting from unauthorized classroom access.
@@ -48,7 +48,7 @@ Who can join classes in your domain SHALL be set to Users in your domain only.
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
- [T1537: Transfer Data to Cloud Account](https://attack.mitre.org/techniques/T1537/)
#### GWS.CLASSROOM.1.2v0.5
#### GWS.CLASSROOM.1.2v0.6
Which classes users in your domain can join SHALL be set to Classes in your domain only.
- _Rationale:_ Allowing users to join a class from outside your domain could allow for data to be exfiltrated to entities outside the control of the organization creating a significant security risk.
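Review bot: Grammar in the unchanged rationale line: `...exfiltrated to entities outside the control of the organization creating a significant security risk.` needs a comma before the participial clause, i.e. `...outside the control of the organization, creating a significant security risk.` Trivial, but worth folding into a change that already touches this file.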
@@ -74,11 +74,11 @@ To configure the settings for Class Membership:
3. Select **Class Settings**.
4. Select **About Class Membership**.
#### GWS.CLASSROOM.1.1v0.5 Instructions
#### GWS.CLASSROOM.1.1v0.6 Instructions
1. For **Who can join classes in your domain**, select **Users in your domain only**.
2. Select **Save**.
#### GWS.CLASSROOM.1.2v0.5 Instructions
#### GWS.CLASSROOM.1.2v0.6 Instructions
1. For **Which classes can users in your domain join**, select **Classes in your domain only**.
2. Select **Save**.
@@ -88,7 +88,7 @@ This section covers policies related to the Google Classroom API.
### Policies
#### GWS.CLASSROOM.2.1v0.5
#### GWS.CLASSROOM.2.1v0.6
Users SHALL NOT be able to authorize apps to access their Google Classroom data.
- _Rationale:_ Allowing ordinary users to authorize apps to have access to classroom data opens a possibility for data loss. Allowing only admins to authorize apps reduces this risk.
@@ -110,7 +110,7 @@ Users SHALL NOT be able to authorize apps to access their Google Classroom data.
### Implementation
To configure the settings for Classroom API:
#### GWS.CLASSROOM.2.1v0.5 Instructions
#### GWS.CLASSROOM.2.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps** -\> **Additional Google Service** -\> **Classroom**.
3. Select **Data Access**.
@@ -123,7 +123,7 @@ This section covers policies related to importing rosters from Clever.
### Policies
#### GWS.CLASSROOM.3.1v0.5
#### GWS.CLASSROOM.3.1v0.6
Roster import with Clever SHOULD be turned off.
- _Rationale:_ If your organization does not use Clever, allowing roster imports could create a way for unauthorized data to be inputted into your organization's environment. If your organization does use Clever, then roster imports may be enabled.
@@ -143,7 +143,7 @@ Roster import with Clever SHOULD be turned off.
### Implementation
To configure the settings for Roster Import:
#### GWS.CLASSROOM.3.1v0.5 Instructions
#### GWS.CLASSROOM.3.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps** -\> **Additional Google Service** -\> **Classroom**.
3. Select **Roster Import**.
@@ -156,7 +156,7 @@ This section covers policies related to unenrolling a student from a class.
### Policies
#### GWS.CLASSROOM.4.1v0.5
#### GWS.CLASSROOM.4.1v0.6
Only teachers SHALL be allowed to unenroll students from classes.
- _Rationale:_ Allowing students to unenroll themselves creates the opportunity for data loss or other inconsistencies, especially for K-12 classrooms. Restricting this ability to teachers mitigates this risk.
@@ -176,7 +176,7 @@ Only teachers SHALL be allowed to unenroll students from classes.
### Implementation
To configure the settings for Student Unenrollment:
#### GWS.CLASSROOM.4.1v0.5 Instructions
#### GWS.CLASSROOM.4.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps** -\> **Additional Google Service** -\> **Classroom**.
3. Select **Student unenrollment**.
@@ -189,7 +189,7 @@ The first time users sign in to Classroom, they self-identify as either a studen
### Policies
#### GWS.CLASSROOM.5.1v0.5
#### GWS.CLASSROOM.5.1v0.6
Class creation SHALL be restricted to verified teachers only.
- _Rationale:_ Allowing pending teachers to create classes potentially allows students to impersonate teachers and exploit the trusted relationship between teacher and student, e.g., to phish sensitive information from the students. Restricting class creation to verified teachers reduces this risk.
@@ -214,7 +214,7 @@ Class creation SHALL be restricted to verified teachers only.
### Implementation
To configure the settings for Class Creation:
#### GWS.CLASSROOM.5.1v0.5 Instructions
#### GWS.CLASSROOM.5.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps** -\> **Additional Google Service** -\> **Classroom**.
3. Select **General Settings**.

View File

@@ -42,7 +42,7 @@ for more details on configuring these additional services.
### Policies
#### GWS.GEMINI.1.1v0.5
#### GWS.GEMINI.1.1v0.6
Gemini app user access SHALL be set to OFF for everyone without a license.
- _Rationale:_ Only Gemini data for users with the appropriate license will be
@@ -65,7 +65,7 @@ allowing user access to Gemini under any license creates the risk of data leakag
### Implementation
#### GWS.GEMINI.1.1v0.5 Instructions
#### GWS.GEMINI.1.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Generative AI** -\> **Gemini App**.
3. Select **User Access**.
@@ -84,7 +84,7 @@ production data in connection with Pre-GA Offerings.
### Policies
#### GWS.GEMINI.2.1v0.5
#### GWS.GEMINI.2.1v0.6
Alpha Gemini features SHALL be disabled.
- _Rationale:_ Allowing access to alpha features may expose users to features that
@@ -108,7 +108,7 @@ Service Specific Terms.
### Implementation
#### GWS.GEMINI.2.1v0.5 Instructions
#### GWS.GEMINI.2.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Generative AI** -\> **Gemini for Workspace**.
3. Select **Alpha Gemini features**.

View File

@@ -50,7 +50,7 @@ This section determines whether users can delegate access to their mailbox to ot
### Policies
#### GWS.GMAIL.1.1v0.5
#### GWS.GMAIL.1.1v0.6
Mail Delegation SHOULD be disabled.
- _Rationale:_ Granting mail delegation can inadvertently lead to disclosure of sensitive information, impersonation of delegated accounts, or malicious alteration or deletion of emails. By controlling mail delegation, these risks can be significantly reduced, improving the security and integrity of email communications.
@@ -73,7 +73,7 @@ Mail Delegation SHOULD be disabled.
### Implementation
#### GWS.GMAIL.1.1v0.5 Instructions
#### GWS.GMAIL.1.1v0.6 Instructions
To configure the settings for Mail Delegation:
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps -\> Google Workspace -\> Gmail**.
@@ -88,7 +88,7 @@ This section enables DomainKeys Identified Mail (DKIM) to help prevent spoofing
### Policies
#### GWS.GMAIL.2.1v0.5
#### GWS.GMAIL.2.1v0.6
DKIM SHOULD be enabled for all domains.
- _Rationale:_ Enabling DKIM for all domains can help prevent email spoofing and phishing attacks. Without DKIM, adversaries could manipulate email headers to appear as if they're from a legitimate source, potentially leading to the disclosure of sensitive information. By enabling DKIM, the authenticity of emails can be verified, reducing this risk.
@@ -114,7 +114,7 @@ DKIM SHOULD be enabled for all domains.
### Implementation
#### GWS.GMAIL.2.1v0.5 Instructions
#### GWS.GMAIL.2.1v0.6 Instructions
To configure the settings for DKIM:
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps -\> Google Workspace -\> Gmail**.
@@ -134,7 +134,7 @@ The Sender Policy Framework (SPF) is a mechanism that allows administrators to s
### Policies
#### GWS.GMAIL.3.1v0.5
#### GWS.GMAIL.3.1v0.6
An SPF policy SHALL be published for each domain that fails all non-approved senders.
- _Rationale:_ Adversaries could potentially manipulate the 'FROM' field in an email to appear as a legitimate sender, increasing the risk of phishing attacks. By publishing an SPF policy for each domain that fails all non-approved senders, this risk can be reduced as it provides a means to detect and block such deceptive emails. Additionally, SPF is required for federal, executive branch, departments and agencies by Binding Operational Directive 18-01, "Enhance Email and Web Security."
@@ -162,7 +162,7 @@ An SPF policy SHALL be published for each domain that fails all non-approved sen
### Implementation
#### GWS.GMAIL.3.1v0.5 Instructions
#### GWS.GMAIL.3.1v0.6 Instructions
First, identify any approved senders specific to your agency (see [Identify all email senders for your organization](https://support.google.com/a/answer/10686639#senders) for tips). SPF allows you to indicate approved senders by IP address or CIDR range. However, note that SPF allows you to [include](https://www.rfc-editor.org/rfc/rfc7208#section-5.2) the IP addresses indicated by a separate SPF policy, refered to by domain name. See [Define your SPF record—Basic setup](https://support.google.com/a/answer/10685031) for inclusions required for Google to send email on behalf of your domain.
SPF is not configured through the Google Workspace admin center, but rather via DNS records hosted by the agency's domain. Thus, the exact steps needed to set up SPF varies from agency to agency. See [Add your SPF record at your domain provider](https://support.google.com/a/answer/10684623) for more details.
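Review bot: Two typos sit in the unchanged context directly under the bumped heading: `refered to by domain name` should be `referred to by domain name`, and `the exact steps needed to set up SPF varies from agency to agency` should read `vary` (plural subject `steps`). Not introduced by this change, but since the file is being touched anyway, fixing them here avoids a separate PR.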
@@ -182,7 +182,7 @@ Domain-based Message Authentication, Reporting, and Conformance (DMARC) works wi
### Policies
#### GWS.GMAIL.4.1v0.5
#### GWS.GMAIL.4.1v0.6
A DMARC policy SHALL be published at the full domain or the second-level domain for all Google Workspace domains, including user alias domains.
- _Rationale:_ Without proper authentication and a DMARC policy available for each domain, recipients may improperly handle SPF and DKIM failures, possibly enabling adversaries to send deceptive emails that appear to be from your domain. Publishing a DMARC policy for every domain further reduces the risk posed by authentication failures.
@@ -194,7 +194,7 @@ A DMARC policy SHALL be published at the full domain or the second-level domain
- MITRE ATT&CK TTP Mapping
- None
#### GWS.GMAIL.4.2v0.5
#### GWS.GMAIL.4.2v0.6
The DMARC message rejection option SHALL be p=reject.
- _Rationale:_ Without stringent email authentication, adversaries could potentially send deceptive emails that appear to be from your domain, increasing the risk of phishing attacks. This policy reduces risk as it automatically rejects emails that fail SPF or DKIM checks, preventing potentially harmful emails from reaching recipients. Additionally, "reject" is the level of protection required by BOD 18-01, "Enhance Email and Web Security," for federal, executive branch, departments and agencies.
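Review bot: `p=reject` in the policy statement `The DMARC message rejection option SHALL be p=reject.` is a literal DMARC tag value but is not set in code formatting, while the corresponding instruction line later in the file writes it as `` `p=reject` ``; suggest formatting it the same way here so the value reads unambiguously as a record token rather than prose.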
@@ -208,7 +208,7 @@ The DMARC message rejection option SHALL be p=reject.
- [T1586:002: Compromise Accounts](https://attack.mitre.org/techniques/T1586/)
- [T1586:002: Compromise Accounts: Email Accounts](https://attack.mitre.org/techniques/T1586/002/)
#### GWS.GMAIL.4.3v0.5
#### GWS.GMAIL.4.3v0.6
The DMARC point of contact for aggregate reports SHALL include `reports@dmarc.cyber.dhs.gov`.
- _Rationale:_ Without a centralized point of contact for DMARC aggregate reports, potential email security issues may go unnoticed, increasing the risk of phishing attacks. As required by BOD 18-01 for federal, executive branch, departments and agencies, set reports@dmarc.cyber.dhs.gov as the DMARC aggregate report recipient, which allows CISA to monitor and address email authentication issues.
@@ -218,7 +218,7 @@ The DMARC point of contact for aggregate reports SHALL include `reports@dmarc.cy
- MITRE ATT&CK TTP Mapping
- None
#### GWS.GMAIL.4.4v0.5
#### GWS.GMAIL.4.4v0.6
An agency point of contact SHOULD be included for aggregate and failure reports.
- _Rationale:_ Without a designated agency point of contact for DMARC aggregate and failure reports, potential email security issues may not be promptly addressed, increasing the risk of phishing attacks. By including an agency point of contact, this risk can be reduced as it facilitates a timely response to email authentication issues, enhancing overall email security.
@@ -243,7 +243,7 @@ An agency point of contact SHOULD be included for aggregate and failure reports.
[//]: # (Keep the version suffix out of the anchor.)
[//]: # (https://stackoverflow.com/questions/5319754/cross-reference-named-anchor-in-markdown)
<a name="gmail41-instructions"></a>
#### GWS.GMAIL.4.1v0.5 Instructions
#### GWS.GMAIL.4.1v0.6 Instructions
DMARC is not configured through the Google Admin Console, but rather via DNS records hosted by the agency's domain(s). As such, implementation varies depending on how an agency manages its DNS records. See [Add your DMARC record](https://support.google.com/a/answer/2466563) for Google guidance.
To test your DMARC configuration, consider using one of many publicly available web-based tools, such as the [Google Admin Toolbox](https://toolbox.googleapps.com/apps/checkmx/). Additionally, DMARC records can be requested using the command line tool `dig`. For example:
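Review bot: the explicit `<a name="gmail41-instructions"></a>` anchor above this heading, together with the comment `Keep the version suffix out of the anchor.`, is what keeps the `#gmail41-instructions` links in the 4.2 through 4.4 instruction blocks working across this rename. None of the other renamed `Instructions` headings in this file carry such an anchor, so before merging confirm that nothing links to their auto-generated heading ids, which change with the version suffix.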
@@ -254,13 +254,13 @@ dig _dmarc.example.com txt
If DMARC is configured, a response resembling `v=DMARC1; p=reject; pct=100; rua=mailto:reports@dmarc.cyber.dhs.gov, mailto:reports@example.com; ruf=mailto:reports@example.com` will be returned, though by necessity, the contents of the record will vary by agency. In this example, the policy indicates all emails failing the SPF/DKIM checks are to be rejected and aggregate reports sent to reports@dmarc.cyber.dhs.gov and reports@example.com. Failure reports will be sent to reports@example.com.
#### GWS.GMAIL.4.2v0.5 Instructions
#### GWS.GMAIL.4.2v0.6 Instructions
See [GWS.GMAIL.4.1 instructions](#gmail41-instructions) for an overview of how to publish and check a DMARC record. Ensure the record published includes `p=reject`.
#### GWS.GMAIL.4.3v0.5 Instructions
#### GWS.GMAIL.4.3v0.6 Instructions
See [GWS.GMAIL.4.1 instructions](#gmail41-instructions) for an overview of how to publish and check a DMARC record. Ensure the record published includes reports@dmarc.cyber.dhs.gov as one of the emails for the `rua` field.
#### GWS.GMAIL.4.4v0.5 Instructions
#### GWS.GMAIL.4.4v0.6 Instructions
See [GWS.GMAIL.4.1 instructions](#gmail41-instructions) for an overview of how to publish and check a DMARC record. Ensure the record published includes a point of contact specific to your agency, in addition to reports@dmarc.cyber.dhs.gov, as one of the emails for the `rua` field and one or more agency-defined points of contact for the `ruf` field.
## 5. Attachment Protections
@@ -271,7 +271,7 @@ A Google Workspace solution is not strictly required to satisfy this baseline co
### Policies
#### GWS.GMAIL.5.1v0.5
#### GWS.GMAIL.5.1v0.6
Protect against encrypted attachments from untrusted senders SHALL be enabled.
- _Rationale:_ Attachments from untrusted senders, especially encrypted ones, may contain malicious content that poses a security risk. By enabling protection against encrypted attachments from untrusted senders, this risk can be reduced, enhancing the safety and integrity of user data and systems.
@@ -287,7 +287,7 @@ Protect against encrypted attachments from untrusted senders SHALL be enabled.
- [T1204:002: User Execution: Malicious File](https://attack.mitre.org/techniques/T1204/002/)
- [T1204:003: User Execution: Malicious Image](https://attack.mitre.org/techniques/T1204/003/)
#### GWS.GMAIL.5.2v0.5
#### GWS.GMAIL.5.2v0.6
Protect against attachments with scripts from untrusted senders SHALL be enabled.
- _Rationale:_ Attachments with scripts from untrusted senders may contain malicious content that poses a security risk. By enabling protection against such attachments, this risk can be reduced, enhancing the safety and integrity of user data and systems.
@@ -303,7 +303,7 @@ Protect against attachments with scripts from untrusted senders SHALL be enabled
- [T1204:002: User Execution: Malicious File](https://attack.mitre.org/techniques/T1204/002/)
- [T1204:003: User Execution: Malicious Image](https://attack.mitre.org/techniques/T1204/003/)
#### GWS.GMAIL.5.3v0.5
#### GWS.GMAIL.5.3v0.6
Protect against anomalous attachment types in emails SHALL be enabled.
- _Rationale:_ Anomalous attachment types in emails may contain malicious content that poses a security risk. By enabling protection against such attachments, this risk can be reduced, enhancing the safety and integrity of the user data and systems.
@@ -319,7 +319,7 @@ Protect against anomalous attachment types in emails SHALL be enabled.
- [T1204:002: User Execution: Malicious File](https://attack.mitre.org/techniques/T1204/002/)
- [T1204:003: User Execution: Malicious Image](https://attack.mitre.org/techniques/T1204/003/)
#### GWS.GMAIL.5.4v0.5
#### GWS.GMAIL.5.4v0.6
Google SHOULD be allowed to automatically apply future recommended settings for attachments.
- _Rationale:_ By enabling this feature, the system can automatically stay updated with the latest security measures recommended by Google, reducing the risk of security breaches.
@@ -328,7 +328,7 @@ Google SHOULD be allowed to automatically apply future recommended settings for
- MITRE ATT&CK TTP Mapping
- None
#### GWS.GMAIL.5.5v0.5
#### GWS.GMAIL.5.5v0.6
Emails flagged by the above attachment protection controls SHALL NOT be kept in inbox.
- _Rationale:_ Keeping emails flagged by attachment protection controls in the inbox could potentially expose users to malicious content. Removing these emails from the inbox enhances the safety and integrity of user data and systems.
@@ -346,7 +346,7 @@ Emails flagged by the above attachment protection controls SHALL NOT be kept in
- [T1204:003: User Execution: Malicious Image](https://attack.mitre.org/techniques/T1204/003/)
#### GWS.GMAIL.5.6v0.5
#### GWS.GMAIL.5.6v0.6
Any third-party or outside application selected for attachment protection SHOULD offer services comparable to those offered by Google Workspace.
- _Rationale:_ Using third-party or outside applications for attachment protection that do not offer services comparable to those offered by Google Workspace could potentially expose users to security risks. Using applications that offer comparable services reduces this risk, enhancing the safety and integrity of user data and systems.
@@ -375,24 +375,24 @@ To configure the settings for Attachment Protections:
4. Follow implementation for each individual policy
5. Select **Save**.
#### GWS.GMAIL.5.1v0.5 Instructions
#### GWS.GMAIL.5.1v0.6 Instructions
1. Check the **Protect against encrypted attachments from untrusted senders** checkbox.
#### GWS.GMAIL.5.2v0.5 Instructions
#### GWS.GMAIL.5.2v0.6 Instructions
1. Check the **Protect against attachments with scripts from untrusted senders** checkbox.
#### GWS.GMAIL.5.3v0.5 Instructions
#### GWS.GMAIL.5.3v0.6 Instructions
1. Check the **Protect against anomalous attachment types in emails** checkbox.
#### GWS.GMAIL.5.4v0.5 Instructions
#### GWS.GMAIL.5.4v0.6 Instructions
1. Check the **Apply future recommended settings automatically** checkbox.
#### GWS.GMAIL.5.5v0.5 Instructions
#### GWS.GMAIL.5.5v0.6 Instructions
1. Under the setting for Policy 5.1 through Policy 5.3, ensure either "Move email to spam" or "Quarantine" is selected.
#### GWS.GMAIL.5.6v0.5 Instructions
#### GWS.GMAIL.5.6v0.6 Instructions
1. No implementation steps for this policy
@@ -404,7 +404,7 @@ A Google Workspace solution is not strictly required to satisfy this baseline co
### Policies
#### GWS.GMAIL.6.1v0.5
#### GWS.GMAIL.6.1v0.6
Identify links behind shortened URLs SHALL be enabled.
- _Rationale:_ Shortened URLs can potentially hide malicious links, posing a security risk. By enabling the identification of links behind shortened URLs, this risk can be reduced, enhancing the safety and integrity of user data and systems.
@@ -417,7 +417,7 @@ Identify links behind shortened URLs SHALL be enabled.
- [T1204: User Execution](https://attack.mitre.org/techniques/T1204/)
- [T1204:001: User Execution: Malicious Link](https://attack.mitre.org/techniques/T1204/001/)
#### GWS.GMAIL.6.2v0.5
#### GWS.GMAIL.6.2v0.6
Scan linked images SHALL be enabled.
- _Rationale:_ Linked images in emails can potentially contain malicious content, posing a security risk. By enabling the scanning of linked images, this risk can be reduced, enhancing the safety and integrity of user data and systems.
@@ -430,7 +430,7 @@ Scan linked images SHALL be enabled.
- [T1204: User Execution](https://attack.mitre.org/techniques/T1204/)
- [T1204:002: User Execution: Malicious File](https://attack.mitre.org/techniques/T1204/002/)
#### GWS.GMAIL.6.3v0.5
#### GWS.GMAIL.6.3v0.6
Show warning prompt for any click on links to untrusted domains SHALL be enabled.
- _Rationale:_ Clicking on links to unfamiliar domains can potentially expose users to malicious content, posing a security risk. By enabling a warning prompt for any click on such links, this risk can be reduced, enhancing the safety and integrity of user data and systems.
@@ -443,7 +443,7 @@ Show warning prompt for any click on links to untrusted domains SHALL be enabled
- [T1204: User Execution](https://attack.mitre.org/techniques/T1204/)
- [T1204:001: User Execution: Malicious Link](https://attack.mitre.org/techniques/T1204/001/)
#### GWS.GMAIL.6.4v0.5
#### GWS.GMAIL.6.4v0.6
Google SHALL be allowed to automatically apply future recommended settings for links and external images.
- _Rationale:_ By enabling this feature, the system can automatically stay updated with the latest recommended security measures from Google, reducing the risk of security breaches and enhancing the safety and integrity of user data and systems.
@@ -452,7 +452,7 @@ Google SHALL be allowed to automatically apply future recommended settings for l
- MITRE ATT&CK TTP Mapping
- None
#### GWS.GMAIL.6.5v0.5
#### GWS.GMAIL.6.5v0.6
Any third-party or outside application selected for links and external images protection SHOULD offer services comparable to those offered by Google Workspace.
- _Rationale:_ Using third-party or outside applications for links and external images protection that do not offer services comparable to those offered by Google Workspace could potentially expose users to security risks. Using applications that offer comparable services enhances the safety and integrity of user data and systems.
@@ -484,19 +484,19 @@ To configure the settings for Links and External Images Protection:
4. Follow implementation for each individual policy.
5. Select **Save**
#### GWS.GMAIL.6.1v0.5 Instructions
#### GWS.GMAIL.6.1v0.6 Instructions
1. Check the **Identify links behind shortened URLs** checkbox.
#### GWS.GMAIL.6.2v0.5 Instructions
#### GWS.GMAIL.6.2v0.6 Instructions
1. Check the **Scan linked images** checkbox.
#### GWS.GMAIL.6.3v0.5 Instructions
#### GWS.GMAIL.6.3v0.6 Instructions
1. Check the **Show warning prompt for any click on links to untrusted domains** checkbox.
#### GWS.GMAIL.6.4v0.5 Instructions
#### GWS.GMAIL.6.4v0.6 Instructions
1. Check the **Apply future recommended settings automatically** checkbox.
#### GWS.GMAIL.6.5v0.5 Instructions
#### GWS.GMAIL.6.5v0.6 Instructions
1. No implementation steps for this policy
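Review bot: `5. Select **Save**` in the shared steps at the top of this hunk lacks the trailing period that the equivalent line under Attachment Protections (`5. Select **Save**.`) carries; trivial, but worth normalizing since the rename already touches this block.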
@@ -508,7 +508,7 @@ A Google Workspace solution is not strictly required to satisfy this baseline co
### Policies
#### GWS.GMAIL.7.1v0.5
#### GWS.GMAIL.7.1v0.6
Protect against domain spoofing based on similar domain names SHALL be enabled.
- _Rationale:_ Emails sent from domains that look similar to your domain can potentially deceive users into interacting with malicious content, posing a security risk. Enabling protection against such spoofing can reduce this risk, enhancing the safety and integrity of user data and systems.
@@ -520,7 +520,7 @@ Protect against domain spoofing based on similar domain names SHALL be enabled.
- [T1566:001: Phishing: Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001/)
- [T1566:002: Phishing: Spearphishing Link](https://attack.mitre.org/techniques/T1566/002/)
#### GWS.GMAIL.7.2v0.5
#### GWS.GMAIL.7.2v0.6
Protect against spoofing of employee names SHALL be enabled.
- _Rationale:_ Spoofing of employee identities (e.g., CEO and IT staff) can potentially deceive users into interacting with malicious content, posing a security risk. Enabling protection against such spoofing can reduce this risk, enhancing the safety and integrity of user data and systems.
@@ -532,7 +532,7 @@ Protect against spoofing of employee names SHALL be enabled.
- [T1566:001: Phishing: Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001/)
- [T1566:002: Phishing: Spearphishing Link](https://attack.mitre.org/techniques/T1566/002/)
#### GWS.GMAIL.7.3v0.5
#### GWS.GMAIL.7.3v0.6
Protect against inbound emails spoofing your domain SHALL be enabled.
- _Rationale:_ Inbound emails appearing to come from your domain can potentially deceive users into interacting with malicious content, posing a security risk. By enabling protection against such spoofing, this risk can be reduced, enhancing the safety and integrity of user data and systems.
@@ -544,7 +544,7 @@ Protect against inbound emails spoofing your domain SHALL be enabled.
- [T1566:001: Phishing: Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001/)
- [T1566:002: Phishing: Spearphishing Link](https://attack.mitre.org/techniques/T1566/002/)
#### GWS.GMAIL.7.4v0.5
#### GWS.GMAIL.7.4v0.6
Protect against any unauthenticated emails SHALL be enabled.
- _Rationale:_ Unauthenticated emails can potentially contain malicious content, posing a security risk. By enabling protection against such emails, this risk can be reduced, enhancing the safety and integrity of user data and systems.
@@ -556,7 +556,7 @@ Protect against any unauthenticated emails SHALL be enabled.
- [T1566:001: Phishing: Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001/)
- [T1566:002: Phishing: Spearphishing Link](https://attack.mitre.org/techniques/T1566/002/)
#### GWS.GMAIL.7.5v0.5
#### GWS.GMAIL.7.5v0.6
Protect your Groups from inbound emails spoofing your domain SHALL be enabled.
- _Rationale:_ Inbound emails spoofing your domain can potentially deceive users into interacting with malicious content, posing a security risk. By enabling protection against such spoofing, this risk can be reduced, enhancing the safety and integrity of user data and systems.
@@ -568,7 +568,7 @@ Protect your Groups from inbound emails spoofing your domain SHALL be enabled.
- [T1566:001: Phishing: Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001/)
- [T1566:002: Phishing: Spearphishing Link](https://attack.mitre.org/techniques/T1566/002/)
#### GWS.GMAIL.7.6v0.5
#### GWS.GMAIL.7.6v0.6
Emails flagged by the above spoofing and authentication controls SHALL NOT be kept in inbox.
- _Rationale:_ Keeping emails flagged by spoofing and authentication controls in the inbox could potentially expose users to malicious content. Moving emails out of the inbox can reduce this risk, enhancing the safety and integrity of the user's data and systems.
@@ -582,7 +582,7 @@ Emails flagged by the above spoofing and authentication controls SHALL NOT be ke
- [T1566:002: Phishing: Spearphishing Link](https://attack.mitre.org/techniques/T1566/002/)
#### GWS.GMAIL.7.7v0.5
#### GWS.GMAIL.7.7v0.6
Google SHALL be allowed to automatically apply future recommended settings for spoofing and authentication.
- _Rationale:_ By enabling this feature, the system can automatically stay updated with the latest recommended security measures from Google, reducing the risk of security breaches and enhancing the safety and integrity of user data and systems.
@@ -594,7 +594,7 @@ Google SHALL be allowed to automatically apply future recommended settings for s
- [T1566:001: Phishing: Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001/)
- [T1566:002: Phishing: Spearphishing Link](https://attack.mitre.org/techniques/T1566/002/)
#### GWS.GMAIL.7.8v0.5
#### GWS.GMAIL.7.8v0.6
Any third-party or outside application selected for spoofing and authentication protection SHOULD offer services comparable to those offered by Google Workspace.
- _Rationale:_ Using third-party or outside applications for spoofing and authentication protection that do not offer services comparable to those offered by Google Workspace could potentially expose users to security risks. Using applications that offer comparable services reduces this risk, enhancing the safety and integrity of user data and systems.
@@ -625,29 +625,29 @@ To configure the settings for Spoofing and Authentication Protection:
4. Follow steps for individual policies below.
5. Select **Save**
#### GWS.GMAIL.7.1v0.5 Instructions
#### GWS.GMAIL.7.1v0.6 Instructions
1. Check the **Protect against domain spoofing based on similar domain names** checkbox.
#### GWS.GMAIL.7.2v0.5 Instructions
#### GWS.GMAIL.7.2v0.6 Instructions
1. Check the **Protect against spoofing of employee names** checkbox.
#### GWS.GMAIL.7.3v0.5 Instructions
#### GWS.GMAIL.7.3v0.6 Instructions
1. Check the **Protect against inbound emails spoofing your domain** checkbox.
#### GWS.GMAIL.7.4v0.5 Instructions
#### GWS.GMAIL.7.4v0.6 Instructions
1. Check the **Protect against any unauthenticated emails** checkbox.
#### GWS.GMAIL.7.5v0.5 Instructions
#### GWS.GMAIL.7.5v0.6 Instructions
1. Check the **Protect your groups from inbound emails spoofing your domain** checkbox.
#### GWS.GMAIL.7.6v0.5 Instructions
#### GWS.GMAIL.7.6v0.6 Instructions
1. Under each setting from Policy 7.1 through Policy 7.5, make sure either "Move email to spam" or "Quarantine" is selected.
#### GWS.GMAIL.7.7v0.5 Instructions
#### GWS.GMAIL.7.7v0.6 Instructions
1. Check the **Apply future recommended settings automatically** checkbox.
#### GWS.GMAIL.7.8v0.5 Instructions
#### GWS.GMAIL.7.8v0.6 Instructions
1. There is no implementation for this policy.
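Review bot: the checkbox label in `1. Check the **Protect your groups from inbound emails spoofing your domain** checkbox.` under GWS.GMAIL.7.5v0.6 Instructions uses lowercase `groups`, whereas the 7.5 policy statement reads `Protect your Groups from inbound emails spoofing your domain`; pick whichever matches the Admin Console label and use it in both places. Also, `1. There is no implementation for this policy.` under 7.8 differs from the `No implementation steps for this policy` wording used for 5.6 and 6.5; consistent phrasing makes these lines easier to search for.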
@@ -657,7 +657,7 @@ This section addresses a feature that enables users to import their email and co
### Policies
#### GWS.GMAIL.8.1v0.5
#### GWS.GMAIL.8.1v0.6
User email uploads SHALL be disabled to protect against unauthorized files being introduced into the secured environment.
- _Rationale:_ Allowing user email uploads could potentially introduce unauthorized or malicious files into the secured environment, posing a security risk. By disabling user email uploads, this risk can be reduced, enhancing the safety and integrity of user data and systems.
@@ -683,7 +683,7 @@ User email uploads SHALL be disabled to protect against unauthorized files being
To configure the settings for User Email Uploads:
#### GWS.GMAIL.8.1v0.5 Instructions
#### GWS.GMAIL.8.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps -\> Google Workspace -\> Gmail**.
3. Select **Setup -\> User email uploads**.
@@ -697,7 +697,7 @@ This section determines whether users have POP3 and IMAP access. Doing so allows
### Policies
#### GWS.GMAIL.9.1v0.5
#### GWS.GMAIL.9.1v0.6
POP and IMAP access SHALL be disabled to protect sensitive agency or organization emails from being accessed through legacy applications or other third-party mail clients.
- _Rationale:_ Enabling POP and IMAP access could potentially expose sensitive agency or organization emails to unauthorized access through legacy applications or third-party mail clients, posing a security risk. By disabling POP and IMAP access, this risk can be reduced, enhancing the safety and integrity of user data and systems.
@@ -721,7 +721,7 @@ POP and IMAP access SHALL be disabled to protect sensitive agency or organizatio
To configure the settings for POP and IMAP access:
#### GWS.GMAIL.9.1v0.5 Instructions
#### GWS.GMAIL.9.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps -\> Google Workspace -\> Gmail**.
3. Select **End User Access -\> POP and IMAP access**.
@@ -736,7 +736,7 @@ This section determines whether Google Workspace Sync allows data synchronizatio
### Policies
#### GWS.GMAIL.10.1v0.5
#### GWS.GMAIL.10.1v0.6
Google Workspace Sync SHOULD be disabled.
- _Rationale:_ Enabling Google Workspace Sync could potentially expose sensitive agency or organization data to unauthorized access or loss, posing a security risk. By disabling Google Workspace Sync, this risk can be reduced, enhancing the safety and integrity of user data and systems.
@@ -763,7 +763,7 @@ Google Workspace Sync SHOULD be disabled.
To configure the settings for Google Workspace Sync:
#### GWS.GMAIL.10.1v0.5 Instructions
#### GWS.GMAIL.10.1v0.6 Instructions
1. Sign in to the [Google Admin console](https://admin.google.com).
2. Select **Apps -\> Google Workspace -\> Gmail**.
3. Select **End User Access -\> Google Workspace Sync**.
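Review bot: `Google Admin console` in step 1 of the GWS.GMAIL.10.1v0.6 instructions is the only lowercase `console` in this file; every other instruction block writes `Google Admin Console`. Suggest normalizing it in the same commit.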
@@ -777,7 +777,7 @@ This section determines whether emails can be automatically forwarded from a use
### Policies
#### GWS.GMAIL.11.1v0.5
#### GWS.GMAIL.11.1v0.6
Automatic forwarding SHOULD be disabled, especially to external domains.
- _Rationale:_ By enabling automatic forwarding, especially to external domains, adversaries could gain persistent access to a victim's email, potentially exposing sensitive agency or organization emails to unauthorized access or loss. By disabling automatic forwarding, this risk can be reduced, enhancing the safety and integrity of user data and systems.
@@ -798,7 +798,7 @@ Automatic forwarding SHOULD be disabled, especially to external domains.
To configure the settings for Automatic Forwarding:
#### GWS.GMAIL.11.1v0.5 Instructions
#### GWS.GMAIL.11.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps -\> Google Workspace -\> Gmail**.
3. Select **End User Access -\> Automatic forwarding**.
@@ -811,7 +811,7 @@ This section determines whether outgoing mail is delivered only through the Goog
### Policies
#### GWS.GMAIL.12.1v0.5
#### GWS.GMAIL.12.1v0.6
Using a per-user outbound gateway that is a mail server other than the Google Workspace mail servers SHALL be disabled.
- _Rationale:_ Using a per-user outbound gateway that is a mail server other than the Google Workspace mail servers could potentially expose sensitive agency or organization emails to unauthorized access or loss, posing a security risk. By disabling this feature, this risk can be reduced, enhancing the safety and integrity of user data and systems.
@@ -836,7 +836,7 @@ Using a per-user outbound gateway that is a mail server other than the Google Wo
To configure the settings for Per-user Outbound Gateways:
#### GWS.GMAIL.12.1v0.5 Instructions
#### GWS.GMAIL.12.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps -\> Google Workspace -\> Gmail**.
3. Select **End User Access -\> Allow per-user outbound gateways**.
@@ -850,7 +850,7 @@ This section determines whether users are prompted with a warning for messages t
### Policies
#### GWS.GMAIL.13.1v0.5
#### GWS.GMAIL.13.1v0.6
Unintended external reply warnings SHALL be enabled.
- _Rationale:_ Unintended external reply warnings can help reduce the risk of exposing sensitive information in replies to external messages. Enabling these warnings reminds users to treat external messages with caution, reducing this risk and enhancing the safety and integrity of user data and systems.
@@ -876,7 +876,7 @@ Unintended external reply warnings SHALL be enabled.
To configure the settings to warn users of external recipients:
#### GWS.GMAIL.13.1v0.5 Instructions
#### GWS.GMAIL.13.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps -\> Google Workspace -\> Gmail**.
3. Select **End User Access -\> Warn for external recipients**.
@@ -890,7 +890,7 @@ This section determines whether an email allowlist allows for messages from cert
### Policies
#### GWS.GMAIL.14.1v0.5
#### GWS.GMAIL.14.1v0.6
An email allowlist SHOULD not be implemented.
- _Rationale:_ Implementing an email allowlist could potentially expose users to security risks as allowlisted senders bypass important security mechanisms, including spam filtering and sender authentication checks. By not implementing an allowlist, this risk can be reduced, enhancing the safety and integrity of the user data and systems.
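Review bot: `An email allowlist SHOULD not be implemented.` under the renamed GWS.GMAIL.14.1v0.6 heading lower-cases `not`, while the rest of the baseline writes the RFC 2119 key phrases in full capitals (for example `Emails flagged by the above attachment protection controls SHALL NOT be kept in inbox.`). Suggest `SHOULD NOT` so the requirement level is unambiguous both for readers and for any tooling that extracts it from the policy statement.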
@@ -916,7 +916,7 @@ An email allowlist SHOULD not be implemented.
To configure the settings for Email Allowlists:
#### GWS.GMAIL.14.1v0.5 Instructions
#### GWS.GMAIL.14.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps -\> Google Workspace -\> Gmail**.
3. Select **Spam, phishing, and malware -\> Email allowlist**.
@@ -932,7 +932,7 @@ A Google Workspace solution is not strictly required to satisfy this baseline co
### Policies
#### GWS.GMAIL.15.1v0.5
#### GWS.GMAIL.15.1v0.6
Enhanced pre-delivery message scanning SHALL be enabled to prevent phishing.
- _Rationale:_ Without enhanced pre-delivery message scanning, users may be exposed to phishing attempts, posing a security risk. By enabling this feature, potential phishing emails can be identified and blocked before reaching the user, reducing this risk and enhancing the safety and integrity of user data and systems.
@@ -944,7 +944,7 @@ Enhanced pre-delivery message scanning SHALL be enabled to prevent phishing.
- [T1566:002: Phishing: Spearphishing Link](https://attack.mitre.org/techniques/T1566/002/)
- [T1566:003: Phishing: Spearphishing via Service](https://attack.mitre.org/techniques/T1566/003/)
#### GWS.GMAIL.15.2v0.5
#### GWS.GMAIL.15.2v0.6
Any third-party or outside application selected for enhanced pre-delivery message scanning SHOULD offer services comparable to those offered by Google Workspace.
- _Rationale:_ Using third-party or outside applications for enhanced pre-delivery message scanning that do not offer services comparable to those offered by Google Workspace could potentially expose users to security risks. Using applications that offer comparable services reduces this risk, enhancing the safety and integrity of user data and systems.
@@ -965,14 +965,14 @@ Any third-party or outside application selected for enhanced pre-delivery messag
To configure the settings for Enhanced Pre-Delivery Message Scanning:
#### GWS.GMAIL.15.1v0.5 Instructions
#### GWS.GMAIL.15.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps -\> Google Workspace -\> Gmail**.
3. Select **Spam, phishing, and malware -\> Enhanced pre-delivery message scanning**.
4. Check the **Enables improved detection of suspicious content prior to delivery** checkbox.
5. Select **Save**.
#### GWS.GMAIL.15.2v0.5 Instructions
#### GWS.GMAIL.15.2v0.6 Instructions
1. There is no implementation steps for this policy
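Review bot: grammar in the unchanged line `1. There is no implementation steps for this policy` under GWS.GMAIL.15.2v0.6 Instructions: the subject is plural, so it should read `There are no implementation steps for this policy.`, with the trailing period the other instruction lines carry.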
@@ -984,7 +984,7 @@ A Google Workspace solution is not strictly required to satisfy this baseline co
### Policies
#### GWS.GMAIL.16.1v0.5
#### GWS.GMAIL.16.1v0.6
Security sandbox SHOULD be enabled to provide additional protections for their email messages.
- _Rationale:_ Without a security sandbox, emails with malicious content could potentially interact directly with the users' systems, posing a risk. By enabling the security sandbox, additional protections are provided for email messages, reducing this risk and enhancing the safety and integrity of user data and systems.
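Review bot: `their` in `Security sandbox SHOULD be enabled to provide additional protections for their email messages.` under GWS.GMAIL.16.1v0.6 has no antecedent; suggest `for users' email messages` or simply `for email messages`.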
@@ -994,7 +994,7 @@ Security sandbox SHOULD be enabled to provide additional protections for their e
- [T1566: Phishing](https://attack.mitre.org/techniques/T1566/)
- [T1566:001: Phishing: Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001/)
#### GWS.GMAIL.16.2v0.5
#### GWS.GMAIL.16.2v0.6
Any third-party or outside application selected for security sandbox SHOULD offer services comparable to those offered by Google Workspace.
- _Rationale:_ Using third-party or outside applications for security sandbox that do not offer services comparable to those offered by Google Workspace could potentially expose users to security risks. Using applications that offer comparable services reduces this risk, enhancing the safety and integrity of user data and systems.
@@ -1015,7 +1015,7 @@ Any third-party or outside application selected for security sandbox SHOULD offe
To configure the settings for Security sandbox or Security sandbox rules:
#### GWS.GMAIL.16.1v0.5 Instructions
#### GWS.GMAIL.16.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps -\> Google Workspace -\> Gmail**.
3. Select **Spam, phishing, and malware -\> Security sandbox**.
@@ -1028,7 +1028,7 @@ To configure the settings for Security sandbox or Security sandbox rules:
4. Action to take if expressions match.
7. Select **Save**.
#### GWS.GMAIL.16.2v0.5 Instructions
#### GWS.GMAIL.16.2v0.6 Instructions
1. There is no implementation steps for this policy.
## 17. Comprehensive Mail Storage
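Review bot: the numbered list at the top of this hunk jumps from `4. Action to take if expressions match.` to `7. Select **Save**.`, so steps 5 and 6 are either missing or the list is misnumbered; please check the full list above the context shown here. Also, `1. There is no implementation steps for this policy.` under GWS.GMAIL.16.2v0.6 Instructions should read `There are no implementation steps for this policy.`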
@@ -1037,7 +1037,7 @@ This section allows for email messages sent through other Google Workspace appli
### Policies
#### GWS.GMAIL.17.1v0.5
#### GWS.GMAIL.17.1v0.6
Comprehensive mail storage SHOULD be enabled to allow tracking of information across applications.
- _Rationale:_ Without comprehensive mail storage, tracking of information across applications could be compromised, posing a potential security risk. Enabling comprehensive mail storage can reduce this risk, enhancing the safety and integrity of user data and systems.
@@ -1058,7 +1058,7 @@ Comprehensive mail storage SHOULD be enabled to allow tracking of information ac
To configure the settings for Comprehensive Mail Storage:
#### GWS.GMAIL.17.1v0.5 Instructions
#### GWS.GMAIL.17.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps -\> Google Workspace -\> Gmail**.
3. Select **Compliance -\> Comprehensive mail storage**.
@@ -1072,7 +1072,7 @@ This section covers the settings relating to bypassing spam filters.
### Policies
#### GWS.GMAIL.18.1v0.5
#### GWS.GMAIL.18.1v0.6
Domains SHALL NOT be added to lists that bypass spam filters.
- _Rationale:_ Legitimate emails may be incorrectly filtered by spam protections. Adding allowed senders is an acceptable method of combating these false positives. Allowing an entire domain, especially a common domain like office.com, however, provides for a large number of potentially unknown users to bypass spam protections.
@@ -1085,7 +1085,7 @@ Domains SHALL NOT be added to lists that bypass spam filters.
- [T1566:002: Phishing: Spearphishing Link](https://attack.mitre.org/techniques/T1566/002/)
- [T1534: Internal Spearphishing](https://attack.mitre.org/techniques/T1534/)
#### GWS.GMAIL.18.2v0.5
#### GWS.GMAIL.18.2v0.6
Domains SHALL NOT be added to lists that bypass spam filters and hide warnings.
- _Rationale:_ Legitimate emails may be incorrectly filtered by spam protections. Adding allowed senders is an acceptable method of combating these false positives. Allowing an entire domain, especially a common domain like office.com, however, provides for a large number of potentially unknown users to bypass spam protections.
@@ -1097,7 +1097,7 @@ Domains SHALL NOT be added to lists that bypass spam filters and hide warnings.
- [T1566:002: Phishing: Spearphishing Link](https://attack.mitre.org/techniques/T1566/002/)
- [T1534: Internal Spearphishing](https://attack.mitre.org/techniques/T1534/)
#### GWS.GMAIL.18.3v0.5
#### GWS.GMAIL.18.3v0.6
Bypass spam filters and hide warnings for all messages from internal and external senders SHALL NOT be enabled.
- _Rationale:_ Bypassing spam filters and hiding warning for all messages from internal and external senders creates a security risk because all messages are allowed to bypass filters. Disabling this feature mitigates the risk.
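Review bot: the rationale context line for GWS.GMAIL.18.3 reads `hiding warning for all messages`; it should be `hiding warnings for all messages` to match the policy statement directly above it. Worth fixing while the heading on this line range is being edited.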
@@ -1126,21 +1126,21 @@ To configure the settings for spam filtering:
2. Select **Apps -\> Google Workspace -\> Gmail**.
3. Select **Spam, Phishing, and Malware**.
#### GWS.GMAIL.18.1v0.5 Instructions
#### GWS.GMAIL.18.1v0.6 Instructions
For each rule listed under **Spam**:
1. Ensure that either:
* **Bypass spam filters for messages from senders or domains in selected lists** is not selected, or
* None of the lists shown under **Bypass spam filters for messages from senders or domains in selected lists** contain an entire domain. For example, the entire domain "example.com" is not acceptable, but the specific address, john.doe@example.com, would be.
2. Modify the rule or lists associated with the rule as needed, then select **Save.**
#### GWS.GMAIL.18.2v0.5 Instructions
#### GWS.GMAIL.18.2v0.6 Instructions
For each rule listed under **Spam**:
1. Ensure that either:
* **Bypass spam filters and hide warnings for messages from senders or domains in selected lists** is not selected, or
* None of the lists shown under **Bypass spam filters and hide warnings for messages from senders or domains in selected lists** contain an entire domain. For example, the entire domain "example.com" is not acceptable, but the specific address, john.doe@example.com, would be.
2. Modify the rule or lists associated with the rule as needed, then select **Save.**
#### GWS.GMAIL.18.3v0.5 Instructions
#### GWS.GMAIL.18.3v0.6 Instructions
For each rule listed under **Spam**:
1. Ensure that **Bypass spam filters and hide warnings for all messages from internal and external sender* is not selected.
2. Select **Save.**
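Review bot: the context line `1. Ensure that **Bypass spam filters and hide warnings for all messages from internal and external sender* is not selected.` has mismatched bold markers (opened with `**`, closed with `*`), so the rendered Markdown shows stray asterisks instead of bold text, and `sender` disagrees with the GWS.GMAIL.18.3 policy text (`senders`). Suggested replacement: `1. Ensure that **Bypass spam filters and hide warnings for all messages from internal and external senders** is not selected.`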

View File

@@ -36,7 +36,7 @@ These settings are addressed in the following policies.
### Policies
#### GWS.GROUPS.1.1v0.5
#### GWS.GROUPS.1.1v0.6
Group access from outside the organization SHALL be disabled unless explicitly granted by the group owner.
- _Rationale:_ Groups may contain private or sensitive information. Restricting group access reduces the risk of data loss.
@@ -45,7 +45,7 @@ Group access from outside the organization SHALL be disabled unless explicitly g
- MITRE ATT&CK TTP Mapping
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
#### GWS.GROUPS.1.2v0.5
#### GWS.GROUPS.1.2v0.6
Group owners' ability to add external members to groups SHOULD be disabled unless necessary for agency mission fulfillment.
- _Rationale:_ Groups may contain private or sensitive information. Restricting group access reduces the risk of data loss.
@@ -57,7 +57,7 @@ Group owners' ability to add external members to groups SHOULD be disabled unles
- [T1048:001: Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol](https://attack.mitre.org/techniques/T1048/001/)
- [T1048:002: Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol](https://attack.mitre.org/techniques/T1048/002/)
#### GWS.GROUPS.1.3v0.5
#### GWS.GROUPS.1.3v0.6
Group owners' ability to allow posting to a group by an external, non-group member SHOULD be disabled unless necessary for agency mission fulfillment.
- _Rationale:_ Allowing external users to post opens the door for phishing or other malicious activity to be shared via Groups. Restricting posting by non-group members reduces this risk.
@@ -83,21 +83,21 @@ Group owners' ability to allow posting to a group by an external, non-group memb
### Implementation
#### GWS.GROUPS.1.1v0.5 Instructions
#### GWS.GROUPS.1.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps** -\> **Google Workspace** -\> **Groups for Business**.
3. Select **Sharing settings** -\> **Sharing options**.
4. Select **Accessing groups from outside this organization** -\> **Private**.
5. Select **Save**.
#### GWS.GROUPS.1.2v0.5 Instructions
#### GWS.GROUPS.1.2v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps** -\> **Google Workspace** -\> **Groups for Business**.
3. Select **Sharing settings** -\> **Sharing options**.
4. **Uncheck** the **Group owners can allow external members** checkbox.
5. Select **Save**.
#### GWS.GROUPS.1.3v0.5 Instructions
#### GWS.GROUPS.1.3v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps** -\> **Google Workspace** -\> **Groups for Business**.
3. Select **Sharing settings** -\> **Sharing options**.
@@ -110,7 +110,7 @@ This section covers who has the ability to create a new group within the organiz
### Policies
#### GWS.GROUPS.2.1v0.5
#### GWS.GROUPS.2.1v0.6
Group creation SHOULD be restricted to admins within the organization unless necessary for agency mission fulfillment.
- _Rationale:_ Many settings for Google Workspace products can be set at the Group level. Allowing unrestricted group creation complicates setting management and opens channels of unmanaged communication.
@@ -132,7 +132,7 @@ Group creation SHOULD be restricted to admins within the organization unless nec
### Implementation
#### GWS.GROUPS.2.1v0.5 Instructions
#### GWS.GROUPS.2.1v0.6 Instructions
To configure the settings for Sharing options:
1. Sign in to the [Google Admin Console](https://admin.google.com).
@@ -147,7 +147,7 @@ This section covers the default permissions assigned to the viewing of conversat
### Policies
#### GWS.GROUPS.3.1v0.5
#### GWS.GROUPS.3.1v0.6
The default permission to view conversations SHOULD be set to All Group Members.
- _Rationale:_ Groups may contain private or sensitive information not appropriate for the entire Google Workspace organization. Restricting access to group members reduces the risk of data loss.
@@ -171,7 +171,7 @@ The default permission to view conversations SHOULD be set to All Group Members.
### Implementation
#### GWS.GROUPS.3.1v0.5 Instructions
#### GWS.GROUPS.3.1v0.6 Instructions
To configure the settings for Sharing options:
1. Sign in to the [Google Admin Console](https://admin.google.com).
@@ -186,7 +186,7 @@ This section covers whether or not the owner of a group can hide the group from
### Policies
#### GWS.GROUPS.4.1v0.5
#### GWS.GROUPS.4.1v0.6
The Ability for Groups to be Hidden from the Directory SHALL be disabled.
- _Rationale:_ Hidden groups are not visible, even to admins, in the list of groups found at groups.google.com, though they are still visible on the directory page on admin.google.com. As such, allowing for hidden groups increases the risk of groups being created without admin oversight.
@@ -208,7 +208,7 @@ The Ability for Groups to be Hidden from the Directory SHALL be disabled.
### Implementation
#### GWS.GROUPS.4.1v0.5 Instructions
#### GWS.GROUPS.4.1v0.6 Instructions
To configure the settings for Sharing options:
1. Sign in to the [Google Admin Console](https://admin.google.com).

View File

@@ -38,7 +38,7 @@ This control limits safe meeting access to users with a Google Account or Dialin
### Policies
#### GWS.MEET.1.1v0.5
#### GWS.MEET.1.1v0.6
Meeting access SHOULD be restricted to users signed in with a Google Account or Dialing in using a phone.
- _Rationale:_ Allowing users not signed-in to join meetings diminishes host control of meeting participation, reduces user accountability, and invites potential data breach. This policy reduces that risk by requiring all users to sign-in.
@@ -64,7 +64,7 @@ Meeting access SHOULD be restricted to users signed in with a Google Account or
To configure the settings for Domain Meet safety settings:
#### GWS.MEET.1.1v0.5 Instructions
#### GWS.MEET.1.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps** -\> **Google Workspace** -\> **Google Meet**.
3. Select **Meet safety settings** -\> **Domain**.
@@ -78,7 +78,7 @@ This control determines which meetings users within the agency's organization ca
### Policies
#### GWS.MEET.2.1v0.5
#### GWS.MEET.2.1v0.6
Meeting access SHALL be disabled for meetings created by users who are not members of any Google Workspace tenant or organization.
- _Rationale:_ Contact with unmanaged users can pose the risk of data leakage and other security threats. This policy reduces such contact by not allowing agency users to join meetings created by users' personal accounts.
@@ -103,7 +103,7 @@ Meeting access SHALL be disabled for meetings created by users who are not membe
To configure the settings for Access within Meet safety settings:
#### GWS.MEET.2.1v0.5 Instructions
#### GWS.MEET.2.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps** -\> **Google Workspace** -\> **Google Meet**.
3. Select **Meet safety settings** -\> **Access**.
@@ -118,7 +118,7 @@ Note: When this feature is not enabled, any attendee that is a member of the hos
### Policies
#### GWS.MEET.3.1v0.5
#### GWS.MEET.3.1v0.6
Host Management meeting features SHALL be enabled.
- _Rationale:_ With host management disabled, any internal participant is able to take control of meetings, performing actions such as recording the meeting, disabling or enabling the chat, and ending the meeting. When enabled, these options are only available to meeting hosts.
@@ -145,7 +145,7 @@ Host Management meeting features SHALL be enabled.
To enable Host Management meeting features:
#### GWS.MEET.3.1v0.5 Instructions
#### GWS.MEET.3.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps** -\> **Google Workspace** -\> **Google Meet**.
3. Select **Meet safety settings** -\> **Host management**.
@@ -158,7 +158,7 @@ This control provides a warning label for any participating a meeting who is not
### Policies
#### GWS.MEET.4.1v0.5
#### GWS.MEET.4.1v0.6
Warn for external participants SHALL be enabled.
- _Rationale:_ Users may inadvertently include external users or not be aware that external users are present. When enabled, external or unidentified participants in a meeting are given a label. This increases situational awareness amongst meeting participants and can help prevent inadvertent data leakage.
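Review bot: the section introduction shown in this hunk's header, `This control provides a warning label for any participating a meeting who is not`, is ungrammatical; it should read `for any participant in a meeting who is not` (or `for anyone participating in a meeting who is not`). Since this file is edited by the bump anyway, the wording fix can ride along.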
@@ -186,7 +186,7 @@ Warn for external participants SHALL be enabled.
To enable Host Management meeting features:
#### GWS.MEET.4.1v0.5 Instructions
#### GWS.MEET.4.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps** -\> **Google Workspace** -\> **Google Meet**.
3. Select **Meet safety settings** -\> **Warn for external participants**.
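Review bot: the context line `To enable Host Management meeting features:` introduces the GWS.MEET.4.1 instructions, but 4.1 is the Warn for external participants control (step 3 in this hunk selects **Meet safety settings** -> **Warn for external participants**), so the lead-in looks copied from the 3.1 section. Suggest `To enable the Warn for external participants setting:` so the instructions match the policy they implement.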
@@ -199,7 +199,7 @@ This section covers who domain users are allowed to receive a 1:1 call from.
### Policies
#### GWS.MEET.5.1v0.5
#### GWS.MEET.5.1v0.6
Incoming calls SHALL be restricted to contacts and other users in the organization.
- _Rationale:_ Calls could potentially be used to pass sensitive information. By selecting this setting, it potentially mitigates unauthorized data leakage.
@@ -223,7 +223,7 @@ Incoming calls SHALL be restricted to contacts and other users in the organizati
### Implementation
#### GWS.MEET.5.1v0.5 Instructions
#### GWS.MEET.5.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Menu** -> **Apps** -> **Google Workspace** -> **Google Meet**.
3. Click **Meet safety settings**.
@@ -237,7 +237,7 @@ This section covers Google Meet video settings such as automatic video recording
### Policies
#### GWS.MEET.6.1v0.5
#### GWS.MEET.6.1v0.6
Automatic recordings for Google Meet SHALL be disabled.
- _Rationale:_ Automatic recordings could record sensitive information. By selecting this setting, it potentially mitigates unauthorized data leakage.
@@ -249,7 +249,7 @@ Automatic recordings for Google Meet SHALL be disabled.
- [T1048: Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048/)
- [T1565: Data Manipulation](https://attack.mitre.org/techniques/T1565/)
#### GWS.MEET.6.2v0.5
#### GWS.MEET.6.2v0.6
Automatic transcripts for Google Meet SHALL be disabled.
- _Rationale:_ Automatic transcripts could record sensitive information. By selecting this setting, it potentially mitigates unauthorized data leakage.
@@ -270,7 +270,7 @@ Automatic transcripts for Google Meet SHALL be disabled.
### Implementation
#### GWS.MEET.6.1v0.5 Instructions
#### GWS.MEET.6.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Menu** -> **Apps** -> **Google Workspace** -> **Google Meet**.
3. Click **Meet video settings**.
@@ -278,7 +278,7 @@ Automatic transcripts for Google Meet SHALL be disabled.
5. Ensure **Meetings are recorded by default** is unselected.
6. Click **Save**.
#### GWS.MEET.6.2v0.5 Instructions
#### GWS.MEET.6.2v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Menu** -> **Apps** -> **Google Workspace** -> **Google Meet**.
3. Click **Meet video settings**.

View File

@@ -34,7 +34,7 @@ This section covers whether users are able to access Google Sites.
### Policies
#### GWS.SITES.1.1v0.5
#### GWS.SITES.1.1v0.6
Sites Service SHOULD be disabled for all users.
- _Rationale:_ Google Sites can increase the attack surface of Google Workspace. Disabling this feature unless it is needed conforms to the principle of least functionality.
@@ -57,7 +57,7 @@ Sites Service SHOULD be disabled for all users.
To configure the settings for Site creation and editing:
#### GWS.SITES.1.1v0.5 Instructions
#### GWS.SITES.1.1v0.6 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Apps** -\> **Google Workspace** -\> **Sites**.
3. Select **Service Status**

View File

@@ -686,7 +686,7 @@ class Reporter:
Adds the annotation provided by the user in the config file to the
result details if applicable.
:param control_id: The control ID, e.g., GWS.GMAIL.1.1v0.5. Case-
:param control_id: The control ID, e.g., GWS.GMAIL.1.1v0.6. Case-
insensitive.
:param result: The test result, e.g., "Pass"
:param details: The test result details, e.g., "Requirement met."
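Review bot: embedding the baseline version in the `control_id` docstring example (`GWS.GMAIL.1.1v0.6`) means this docstring has to be edited on every version bump, which is how it ended up stale at v0.5. Consider a version-neutral example such as `GWS.GMAIL.1.1v<version>` with a sentence noting that the `vX.Y` suffix is part of the ID, so the docstring stays accurate without tracking releases.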

View File

@@ -4,10 +4,10 @@
baselines: [gmail, commoncontrols]
annotatepolicy:
GWS.GMAIL.3.1v0.5:
GWS.GMAIL.3.1v0.6:
incorrectresult: true
comment: "Known incorrect result; our SPF policy currently cannot to be retrieved via ScubaGoggles due to a split
horizon setup but is available publicly."
GWS.COMMONCONTROLS.1.1v0.5:
GWS.COMMONCONTROLS.1.1v0.6:
comment: Implementation in progress.
remediationdate: "2025-08-01"
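Review bot: because `annotatepolicy` keys embed the version suffix (`GWS.GMAIL.3.1v0.5` becomes `GWS.GMAIL.3.1v0.6`), anyone who copied this sample into their own config will find their annotations silently stop matching after upgrading, and nothing in this diff warns about unknown policy IDs. Suggest stating in the release notes that config keys must be bumped, or better, having the tool warn when an `annotatepolicy` key references a policy ID that is not in the current baselines. Separately, the unchanged comment string `our SPF policy currently cannot to be retrieved` should read `cannot be retrieved`.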

View File

@@ -5,13 +5,13 @@
baselines: [gmail, commoncontrols]
omitpolicy:
GWS.GMAIL.1.1v0.5:
GWS.GMAIL.1.1v0.6:
rationale: "Accepting risk for now, will reevaluate at a later date."
expiration: "2025-12-31"
GWS.COMMONCONTROLS.18.1v0.5:
GWS.COMMONCONTROLS.18.1v0.6:
rationale: &DLPRationale "The DLP capability required by the baselines is implemented by third party product, [x],
which ScubaGoggles does not have the ability to check."
GWS.COMMONCONTROLS.18.2v0.5:
GWS.COMMONCONTROLS.18.2v0.6:
rationale: *DLPRationale
# The "&" character used in the above example defines an anchor, which saves a value
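Review bot: the same key-drift concern applies to `omitpolicy`, with a different failure mode: an entry still keyed on a v0.5 ID stops omitting anything, so a control the agency has formally risk-accepted reappears as a finding with no explanation. Bumping the sample keys to v0.6 here is correct; a warning on unrecognised `omitpolicy` keys would make the drift visible to users who maintain their own config files.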